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Introduction 


This Management and Configuration Guide is intended to support the 
following switches: 


■ 
HP ProCurve Switch 4104GL 


■ 
HP ProCurve Switch 4108GL 


■ 
HP ProCurve Switch 2626 


■ 
HP ProCurve Switch 2650 


■ 
HP ProCurve Switch 6108 


This guide describes how to use the command line interface (CLI), Menu 
interface, and web browser interface to configure, manage, and monitor 
switch operation. A troubleshooting chapter is also included. 


For information on other product documentation for the above switches, refer 
to “Related Publications” on page 1-4. 


The Product Documentation CD-ROM shipped with the switch includes a 
copy of this guide. You can also download a copy from the HP ProCurve 
website, http://www.hp.com/go/hpprocurve. (See “Getting Documentation From 
the Web” on page 1-6.) 


About the Feature Descriptions 


In cases where a software feature is not available in all of the switch products 
covered by this guide, the text specifically indicates which device(s) offer the 
feature. 
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Conventions 


This guide uses the following conventions for command syntax and displayed 
information. 
Command Syntax Statements 


Syntax: aaa port-access authenticator < port-list > 
[ control < authorized | auto | unauthorized >] 


■ 
Vertical bars ( | ) separate alternative, mutually exclusive elements. 


■ 
Square brackets ( [ ] ) indicate optional elements. 


■ 
Braces ( < > ) enclose required elements. 


■	 
Braces within square brackets ( [ < > ] ) indicate a required element 
within an optional choice. 


■	 
Boldface indicates use of a CLI command, part of a CLI command 
syntax, or other displayed element in general text. For example: 


“Use the copy tftp command to download the key from a TFTP server.” 


■	 
Italics indicate variables for which you must supply a value when 
executing the command. For example, in this command syntax, < port- 
list > indicates that you must provide one or more port numbers: 


Syntax: aaa port-access authenticator < port-list > 


Command Prompts 


In the default configuration, your switch displays one of the following CLI 
prompts: 


HP ProCurve Switch 4104#
 
HP ProCurve Switch 4108#
 
HP ProCurve Switch 2626#
 
HP ProCurve Switch 2650#
 
HP ProCurve Switch 6108# 


To simplify recognition, this guide uses HPswitch to represent command 
prompts for all models. For example: 


HPswitch#
 


(You can use the hostname command to change the text in the CLI prompt.) 
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Screen Simulations 


Figures containing simulated screen text and command output look like this: 


Figure 1-1. Example of a Figure Showing a Simulated Screen 


In some cases, brief command-output sequences appear outside of a num­ 
bered figure. For example: 


HPswitch(config)# ip default-gateway 18.28.152.1/24
 
HPswitch(config)# vlan 1 ip address 18.28.36.152/24
 
HPswitch(config)# vlan 1 ip igmp
 


Port Identity Convention for Examples 


This guide describes software applicable to both chassis-based and stackable 
HP ProCurve switches. Where port identities are needed in an example, this 
guide uses the chassis-based port identity system, such as "A1", "B3 - B5", "C7", 
etc. However, unless otherwise noted, such examples apply equally to the 
stackable switches, which typically use only numbers, such as "1", "3-5", "15", 
etc. for port identities. 


Related Publications 


Read Me First. The Read Me First shipped with your switch provides soft- 
ware update information, product notes, and other information. A printed 
copy is shipped with your switch. For the latest version, refer to “Getting 
Documentation From the Web” on page 1-6. 


Installation and Getting Started Guide. Use the Installation and Get­ 
ting Started Guide shipped with your switch to prepare for and perform the 
physical installation. This guide also steps you through connecting the switch 
to your network and assigning IP addressing, as well as describing the LED 
indications for correct operation and trouble analysis. A PDF version of this 
guide is also provided on the Product Documentation CD-ROM shipped with 
the switch. And you can download a copy from the HP ProCurve website. (See 
“Getting Documentation From the Web” on page 1-6.) 
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Related Publications 


Access Security Guide. Use the Access Security Guide to learn how to use 
and configure the following access security features available in the switch: 


■ 
Username and Password Security 


■ 
TACACS+ Authentication 


■	 
RADIUS Authentication and 
Accounting 


■ 
Secure Shell (SSH) Encryption 


■ 
Secure Socket Layer (SSL) 


■	 
Port-Based Access Control 
(802.1X) 


■	 
Port Security Using Authorized 
MAC Addresses 


■ 
Authorized IP Managers 


■	 
Key Management System (for the 
5300XL switches) 


HP provides a PDF version of this guide on the Product Documentation 
CD-ROM shipped with the switch. You can also download a copy from the HP 
ProCurve website. (See “Getting Documentation From the Web” on page 1-6.) 


Release Notes. Release notes are posted on the HP ProCurve website and 
provide information on new software updates: 


■ 
New features and how to configure and use them 


■ 
Software management, including downloading software to the switch 


■ 
Software fixes addressed in current and previous releases 


To view and download a copy of the latest release notes for your switch, see 
“Getting Documentation From the Web” on page 1-6. 
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Getting Documentation From the Web 


1.	 
Go to the HP ProCurve website at 


http://www.hp.com/go/hpprocurve 


2. 
Click on technical support. 


3. 
Click on manuals. 


4. 
Click on the product for which you want to view or download a manual. 


2 


3 


4 


Figure 1-2. Finding Product Manuals on the HP ProCurve Website 
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Sources for More Information 


■ 
If you need information on specific parameters in the menu interface, 
refer to the online help provided in the interface. For example: 


Online Help 
for Menu 


Figure 1-3. Getting Help in the Menu Interface 


■	 
If you need information on a specific command in the CLI, type the 
command name followed by “help”. For example: 


Figure 1-4. Getting Help in the CLI 


■	 
If you need information on specific features in the HP Web Browser 
Interface (hereafter referred to as the “web browser interface”), use 
the online help available for the web browser interface. For more 
information on web browser Help options, refer to “Online Help for 
the HP Web Browser Interface” on page 5-11. 


■	 
If you need further information on Hewlett-Packard switch tech­ 
nology, visit the HP ProCurve website at: 


http://www.hp.com/go/hpprocurve 
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Need Only a Quick Start? 


IP Addressing. If you just want to give the switch an IP address so that it 
can communicate on your network, or if you are not using VLANs, HP 
recommends that you use the Switch Setup screen to quickly configure IP 
addressing. To do so, do one of the following: 


■ 
Enter setup at the CLI Manager level prompt. 


HPswitch# setup
 


■ 
In the Main Menu of the Menu interface, select 


8. Run Setup 


For more on using the Switch Setup screen, see the Installation and Getting 
Started Guide you received with the switch. 


To Set Up and Install the Switch in Your Network 


Important!	 
Use the Installation and Getting Started Guide shipped with your switch for 
the following: 


■	 
Notes, cautions, and warnings related to installing and using the 
switch and its related modules 


■ 
Instructions for physically installing the switch in your network 


■	 
Quickly assigning an IP address and subnet mask, set a Manager 
password, and (optionally) configure other basic features. 


■ 
Interpreting LED behavior. 


For the latest version of the Installation and Getting Started Guide and other 
documentation for your switch, visit to the HP ProCurve website. (Refer to 
“Getting Documentation From the Web” on page 1-6.) 
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Overview 


This chapter describes the following: 


■ 
Switch management interfaces 


■ 
Advantages of using each interface type 


Understanding Management Interfaces 


Management interfaces enable you to reconfigure the switch and to monitor 
switch status and performance. Interface types include: 


■ 
Menu interface—a menu-driven interface offering a subset of switch 
commands through the built-in VT-100/ANSI console—page 2-3 


■ 
CLI—a command line interface offering the full set of switch commands 
through the VT-100/ANSI console built into the switch—page 2-4 


■ 
Web browser interface --a switch interface offering status information 
and a subset of switch commands through a standard web browser (such 
as Netscape Navigator or Microsoft Internet Explorer)—page 2-5 


■ 
HP TopTools for Hubs & Switches--an easy-to-use, browser-based 
network management tool that works with HP proactive networking 
features built into managed HP hubs and switches 


This manual describes how to use the menu interface (chapter 3), the CLI 
(chapter 4), the web browser interface (chapter 5), and how to use these 
interfaces to configure and monitor the switch. 


For information on how to access the web browser interface Help, refer to 
“Online Help for the HP Web Browser Interface” on page 5-11. 


To use HP TopTools for Hubs and Switches, refer to the HP TopTools User’s 
Guide and the TopTools online help, which are available electronically with 
the TopTools software. (To get a copy of HP TopTools for Hubs and Switches 
software, refer to the Read Me First document shipped with your switch. 


Not e	 
Although TopTools recognizes the Switch 2626 as an SNMP device, custom­ 
ized device management is not supported for the Switch 2626 in HP TopTools 
for hubs and switches. 
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Advantages of Using the Menu Interface
 


Figure 2-1. Example of the Console Interface Display 


■ 
Provides quick, easy management access to a menu-driven subset of 
switch configuration and performance features: 


• IP addressing 
• Spanning Tree 


• VLANs and GVRP 
• System information 


• Port Security 
• Passwords 


• Port and Static Trunk Group • SNMP communities 
• Stack Management 
• Time protocols 


The menu interface also provides access for: 


• Setup screen 
• Switch and port statistic and counter 


• Event Log display 
displays 


•	 Switch and port 
• Reboots 


status displays 
• Software downloads 


■ 
Offers out-of-band access (through the RS-232 connection) to the 
switch, so network bottlenecks, crashes, lack of configured or correct IP 
address, and network downtime do not slow or prevent access 


■ 
Enables Telnet (in-band) access to the menu functionality. 


■ 
Allows faster navigation, avoiding delays that occur with slower 
display of graphical objects over a web browser interface. 


■ 
Provides more security; configuration information and passwords are 
not seen on the network. 
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Advantages of Using the CLI
 


HPswitch> 
Operator Level
 


HPswitch# 
Manager Level
 


HPswitch(config)# 
Global Configuration Level
 


HPswitch(<context>)# Context Configuration Levels (port, VLAN)
 


Figure 2-2. Command Prompt Examples 


■ 
Provides access to the complete set of the switch configuration, perfor­ 
mance, and diagnostic features. 


■ 
Offers out-of-band access (through the RS-232 connection) or Telnet (in- 
band) access. 


■ 
Enables quick, detailed system configuration and management access to 
system operators and administrators experienced in command prompt 
interfaces. 


■ 
Provides help at each level for determining available options and vari­ 
ables. 


CLI Usage 


■ 
For information on how to use the CLI, refer to chapter 3. "Using the 
Command Line Interface (CLI)". 


■ 
To perform specific procedures (such as configuring IP addressing or 
VLANs), use the Contents listing at the front of the manual to locate the 
information you need. 


■ 
For monitoring and analyzing switch operation, refer to appendix B. 


■ 
For information on individual CLI commands, refer to the Index or to the 
online Help provided in the CLI interface. 
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Advantages of Using the HP Web 
Browser Interface 


Figure 2-3. Example of the HP Web Browser Interface 


■ 
Easy access to the switch from anywhere on the network 


■ 
Familiar browser interface--locations of window objects consistent 
with commonly used browsers, uses mouse clicking for navigation, no 
terminal setup 


■ 
Many features have all their fields in one screen so you can view all 
values at once 


■ 
More visual cues, using colors, status bars, device icons, and other 
graphical objects instead of relying solely on alphanumeric values 


■ 
Display of acceptable ranges of values available in configuration list 
boxes 
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Advantages of Using HP TopTools for 
Hubs & Switches 


You can operate HP TopTools from a PC on the network to monitor traffic, 
manage your hubs and switches, and proactively recommend network 
changes to increase network uptime and optimize performance. Easy toinstall 
and use, HP TopTools for Hubs & Switches is the answer to your management 
challenges. 


Figure 2-4. Example of HP TopTools Home Page 


Not e	 
Although TopTools recognizes the Switch 2626 as an SNMP device, custom­ 
ized device management is not supported for the Switch 2626 in HP TopTools 
for hubs and switches.. 
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HP TopTools for Hubs & Switches enables greater control, uptime, and 
performance in your network: 


■ 
For networked devices 


• 
Enables fast installation of hubs and switches. 


•	 
Enables you to proactively manage your network by using the Alert 
Log to quickly identify problems and suggest solutions, saving valu­ 
able time. 


•	 
Notifies you when HP hubs use “self-healing” features to fix or limit 
common network problems. 


•	 
Provides a list of discovered devices, with device type, connectivity 
status, the number of new or open alerts for each device, and the type 
of management for each device. 


•	 
Provides graphical maps of your networked devices, from which you 
can access specific devices. 


•	 
Identifies users by port and lets you assign easy-to-remember names 
to any network device. 


•	 
Enables you to configure and monitor HP networked devices from 
your network management PC, including identity and status informa­ 
tion, port counters, port on/off capability, sensitivity thresholds for 
traps, IP and security configuration, device configuration report, and 
other device features. 


•	 
Enables policy-based management through the Quality of Service 
feature (QoS) to establish traffic priority policies for controlling and 
improving throughput across all the HP switches in your network that 
support this feature. 


■ 
For network traffic: 


•	 
Watches the network for problems and displays real-time information 
about network status. 


• 
Shows traffic and “top talker” nodes on screen. 


• 
Uses traffic monitor diagrams to make bottlenecks easy to see. 


• 
Improves network reliability through real-time fault isolation. 


•	 
Lets you see your entire network without having to put RMON probes 
on every segment (up to 1500 segments). 


■ 
For network growth: 


•	 
Monitors, stores, and analyzes network traffic to determine where 
upgrades are needed. 


•	 
Uses Network Performance Advisor for automatic traffic analysis 
and easy-to-understand reports that give clear, easy-to-follow plans 
for cost-effectively upgrading your network. 
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Overview 


This chapter describes the following:
 


■ 
Overview of the Menu Interface
 


■ 
Starting and ending a Menu session (page 3-3))
 


■ 
The Main Menu (page 3-7)) 


■ 
Screen structure and navigation (page 3-9)) 


■ 
Rebooting the switch (page 3-12)) 


The menu interface operates through the switch console to provide you with
 
a subset of switch commands in an easy-to-use menu format enabling you to:
 


■ 
Perform a "quick configuration" of basic parameters, such as the IP 
addressing needed to provide management access through your network 


■ 
Configure these features: 


•	 
Manager and Operator pass- 
words 


• 
System parameters 


• 
IP addressing 


• 
Time protocol 


• 
Ports 


• 
Trunk groups 


• 
A network monitoring port 


• 
Stack Management 


• 
Spanning Tree operation 


• 
SNMP community names 


• 
IP authorized managers 


•	 
VLANs (Virtual LANs) and 
GVRP 


■ 
View status, counters, and Event Log information
 


■ 
Update switch software
 


■ 
Reboot the switch
 


For a detailed list of menu features, see the “Menu Features List” on page 3-14).
 


Privilege Levels and Password Security. HP strongly recommends that 
you configure a Manager password to help prevent unauthorized access to 
your network. A Manager password grants fullread-write access to the switch. 
An Operator password, if configured, grants access to status and counter,
 
Event Log, and the Operator level in the CLI. After you configure passwords 
on the switch and log off of the interface, access to the menu interface (and 
the CLI and web browser interface) will require entry of either the Manager 
or Operator password. (If the switch has only a Manager password, then
 
someone without a password can still gain read-only access.) 
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Not e	 
If the switch has neither a Manager nor an Operator password, anyone 
having access to the console interface can operate the console with full 
manager privileges. Also, if you configure only an Operator password, 
entering the Operator password enables full manager privileges. 


For more information on passwords, see the chapter on local passwords in 
the Access Security Guide for your switch. 


■ 
The menu interface displays the current running-config parameter set­ 
tings. You can use the menu interface to save configuration changes made 
in the CLI only if the CLI changes are in the running config when you save 
changes made in the menu interface. (For more on how switch memory 
manages configuration changes, see Chapter 6, “Switch Memory and 
Configuration”.) 


■ 
A configuration change made through any switch interface overwrites 
earlier changes made through any other interface. 


■ 
The Menu Interface and the CLI (Command Line Interface) both use the 
switch console. To enter the menu from the CLI, use the menu command. 
To enter the CLI from the Menu interface, select Command Line (CLI) option.) 


Starting and Ending a Menu Session 


You can access the menu interface using any of the following: 


■ 
A direct serial connection to the switch’s console port, as described in the 
installation guide you received with the switch 


■ 
A Telnet connection to the switch console from a networked PC or the 
switch’s web browser interface. Telnet requires that an IP address and 
subnet mask compatible with your network have already been configured 
on the switch. 


■ 
The stack Commander, if the switch is a stack member 


Not e	 
This section assumes that either a terminal device is already configured and 
connected to the switch (see the Installation and Getting Started Guide 
shipped with your switch) or that you have already configured an IP address 
on the switch (required for Telnet access). 
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How To Start a Menu Interface Session 


In its factory default configuration, the switch console starts with the CLI 
prompt. To use the menu interface with Manager privileges, go to the Manager 
level prompt and enter the menu command. 


1. 
Use one of these methods to connect to the switch: 


• 
A PC terminal emulator or terminal 


• 
Telnet 


(You can also use the stack Commander if the switch is a stack member. 
See Chapter 15, “HP ProCurve Stack Management”). 


2. 
Do one of the following: 


• 
If you are using Telnet, go to step 3. 


•	 
If you are using a PC terminal emulator or a terminal, press [Enter] one 
or more times until a prompt appears. 


3. 
When the switch screen appears, do one of the following: 


• 
If a password has been configured, the password prompt appears. 


Password: _
 


Type the Manager password and press [Enter]. Entering the Manager 
password gives you manager-level access to the switch. (Entering the 
Operator password gives you operator-level access to the switch. 
Refer to the chapter on local manager and operator usernames and 
passwords in the Access Security Guide for your switch.) 


•	 
If no password has been configured, the CLI prompt appears. Go to 
the next step. 


4.	 
When the CLI prompt appears, display the Menu interface by entering the 
menu command. For example: 


HPswitch# menu [Enter] 


results in: 
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Starting and Ending a Menu Session 


Figure 3-1. The Main Menu with Manager Privileges 


For a description of Main Menu features, see “Main Menu Features” on page 
3-7). 


Not e	 
To configure the switch to start with the menu interface instead of the CLI, go 
to the Manager level prompt in the CLI, enter the setup command, and in the 
resulting display, change the Logon Default parameter to Menu. For more infor­ 
mation, see the Installation and Getting Started Guide you received with the 
switch. 


How To End a Menu Session and Exit from the Console: 


The method for ending a menu session and exiting from the console depends 
on whether, during the session, you made any changes to the switch configu­ 
ration that require a switch reboot to activate. (Most changes via the menu 
interface need only a Save, and do not require a switch reboot.) Configuration 
changes needing a reboot are marked with an asterisk (*) next to the config­ 
ured item in the menu and also next to the Switch Configuration item in the 
Main Menu. 
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Asterisk indicates a 
configuration change 
that requires a reboot 
to activate. 


Figure 3-2. An Asterisk Indicates a Configuration Change Requiring a Reboot 


1.	 
In the current session, if you have not made configuration changes that 
require a switch reboot to activate, return to the Main Menu and press [0] 
(zero) to log out. Then just exit from the terminal program, turn off the 
terminal, or quit the Telnet session. 


2.	 
If you have made configuration changes that require a switch reboot— 
that is, if an asterisk (*) appears nextto a configureditemornext to Switch 
Configuration in the Main Menu: 


a. 
Return to the Main Menu. 


b.	 Press [6] to select Reboot Switch and follow the instructions on the 
reboot screen. 


Rebooting the switch terminates the menu session, and, if you are using 
Telnet, disconnects the Telnet session. 


(See “Rebooting To Activate Configuration Changes” on page 3-13).) 


3.	 
Exit from the terminal program, turn off the terminal, or close the Telnet 
application program. 
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Main Menu Features
 


Figure 3-3. The Main Menu View with Manager Privileges 


The Main Menu gives you access to these Menu interface features: 


■ 
Status and Counters: Provides access to display screens showing 
switch information, port status and counters, port and VLAN address 
tables, and spanning tree information. (See Appendix B, “Monitoring and 
Analyzing Switch Operation”.) 


■ 
Switch Configuration: Provides access to configuration screens for 
displaying and changing the current configuration settings. (See the Con- 
tents listing at the front of this manual.) For a listing of features and 
parameters configurable through the menu interface, see the “Menu Fea­ 
tures List” on page 3-14). 


■ 
Console Passwords: Provides access to the screen used to set or change 
Manager-level and Operator-level passwords, and to delete Manager and 
Operator password protection. (See the local password chapter in the 
Access Security Guide shipped with your switch.) 


■ 
Event Log: Enables you to read progress and error messages that are 
useful for checking and troubleshooting switch operation. (See “Using 
Logging To Identify Problem Sources” on page C-21.) 
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■ 
Command Line (CLI): Selects the Command Line Interface at the same 
level (Manager or Operator) that you are accessing in the Menu interface. 
(See chapter , “Using the Command Line Interface (CLI)”.) 


■ 
Reboot Switch: Performs a “warm” reboot of the switch, which clears 
most temporary error conditions, resets the network activity counters to 
zero, and resets the system up-time to zero. A reboot is required to activate 
a change in the VLAN Support parameter. (See “Rebooting from the Menu 
Interface” on page 6-10.) 


■ 
Download OS: Enables you to download a new software version to the 
switch. (See Appendix A, “File Transfers”.) 


■ 
Run Setup: Displays the Switch Setup screen for quickly configuring 
basic switch parameters such as IP addressing, default gateway, logon 
default interface, spanning tree, and others. (See the Installation and 
Getting Started guide shipped with your switch.) 


■ 
Stacking: Enables you to use a single IP address and standard network 
cabling to manage a group of up to 16 switches in the same subnet 
(broadcast domain). See Chapter 15, “HP ProCurve Stack Management”. 


■ 
Logout: Closes the Menu interface and console session, and disconnects 
Telnet access to the switch. (See “How to End a Menu Session and Exit 
from the Console” on page 3-5).) 
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Screen Structure and Navigation 


Menu interface screens include these three elements: 


■ 
Parameter fields and/or read-only information such as statistics 


■ 
Navigation and configuration actions, such as Save, Edit, and Cancel 


■ 
Help line to describe navigation options, individual parameters, and read- 
only data 


For example, in the following System Information screen: 


Help line 
describing the 
selected action 
or selected 
parameter field 


Parameter fields 


Help describing each of the 
items in the parameter fields 


Navigation instructions 


Actions line 


Screen title – identifies 
the location within the 
menu structure 


Figure 3-4. Elements of the Screen Structure 


“Forms” Design. The configuration screens, in particular, operate similarly 
to a number of PC applications that use forms for data entry. When you first 
enter these screens, you see the current configuration for the item you have 
selected. To change the configuration, the basic operation is to: 


1. 
Press [E] to select the Edit action. 


2.	 
Navigate through the screen making all the necessary configuration 
changes. (See table 3-1 on page 3-10.) 


3.	 
Press [Enter] to return to the Actions line. From there you can save the 
configuration changes or cancel the changes. Cancel returns the configu­ 
ration to the values you saw when you first entered the screen. 
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Table 3-1. 
How To Navigate in the Menu Interface 


Task: 
Actions: 


Execute an action 
Use either of the following methods: 


from the “Actions –>” 
• Use the arrow keys ([<] or [>]) to highlight the action you want to 


list at the bottom of 
execute, then press [Enter]. 


the screen: 
•	 Press the key corresponding to the capital letter in the action 
name. For example, in a configuration menu, press [E] to select 
Edit and begin editing parameter values. 


Reconfigure (edit) a 
parameter setting or a 
field: 


1.	 Select a configuration item, such as System Name. (See figure 
2-4.) 


2. Press [E] (for Edit on the Actions line). 
3.	 Use [Tab] or the arrow keys ([<], [>], [^], or [v]) to highlight the 
item or field. 


4. Do one of the following: 


–	 If the parameter has preconfigured values, either use the 
Space bar to select a new option or type the first part of your 
selection and the rest of the selection appears automatically. 
(The help line instructs you to “Select” a value.) 


–	 If there are no preconfigured values, type in a value (the Help 
line instructs you to “Enter” a value). 


5. If you want to change another parameter value, return to step 3. 
6.	 If you are finished editing parameters in the displayed screen, 
press [Enter] to return to the Actions line and do one of the 
following: 
–	 To save and activate configuration changes, press [S] (for the 
Save action). This saves the changes in the startup 
configuration and also implements the change in the 
currently running configuration. (See Chapter 6, “Switch 
Memory and Configuration”.) 


–	 To exit from the screen without saving any changes that you 
have made (or if you have not made changes), press [C] (for 
the Cancel action). 


Note: In the menu interface, executing Save activates most 
parameter changes and saves them in the startup configuration 
(or flash) memory, and it is therefore not necessary to reboot the 
switch after making these changes. But if an asterisk appears 
next to any menu item you reconfigure, the switch will not 
activate or save the change for that item until you reboot the 
switch. In this case, rebooting should be done after you have 
made all desired changes and then returned to the Main Menu. 


7. When you finish editing parameters, return to the Main Menu. 
8.	 If necessary, reboot the switch by highlighting Reboot Switch in 
the Main Menu and pressing [Enter]. (See the Note, above.) 


Exit from a read-only 
Press [B] (for the Back action). 
screen. 
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To get Help on individual parameter descriptions. In most screens 
there is a Help option in the Actions line. Whenever any of the items in the 
Actions line is highlighted, press [H], and a separate help screen is displayed. 
For example: 


Pressing [H] or highlighting Help and 
pressing [Enter] displays Help for the 
parameters listed in the upper part of 
the screen 


Highlight on any item 
in the Actions line 
indicates that the 
Actions line is active. 


The Help line provides 
a brief descriptor of 
the highlighted Action 
item or parameter. 


Figure 3-5. Example Showing How To Display Help 


To get Help on the actions or data fields in each screen: Use the arrow 
keys ( [<], [>], [^], or [v] ) to select an action or data field. The help line under 
the Actions items describes the currently selected action or data field. 


For guidance on how to navigate in a screen: See the instructions provided 
at the bottom of the screen, or refer to “Screen Structure and Navigation” on 
page 3-9).) 
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Rebooting the Switch 


Rebooting the switch from the menu interface 


■	 
Terminates all current sessions and performs a reset of the operating 
system 


■ 
Activates any menu interface configuration changes that require a reboot 


■ 
Resets statistical counters to zero 


(Note that statistical counters can be reset to zero without rebooting the 
switch.) 


To Reboot the switch, use the Reboot Switch option in the Main Menu. (Note 
that the Reboot Switch option is not available if you log on in Operator mode; 
that is, if you enter an Operator password instead of a manager password at 
the password prompt.) 


Reboot Switch option 


Figure 3-6. The Reboot Switch Option in the Main Menu 
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Rebooting To Activate Configuration Changes. Configuration changes 
for most parameters in the menu interface become effective as soon as you 
save them. However, you must reboot the switch in order to implement a 
change in the Maximum VLANs to support parameter. (To access this parameter, go 
to the Main Menu and select: 


2. Switch Configuration 


8. VLAN Menu 


1. VLAN Support.) 


If you make configuration changes in the menu interface that require a reboot, 
the switch displays an asterisk (*) next to the menu item in which the change 
has been made. For example, if you change and save the value for the Maximum 
VLANs to support parameter, an asterisk appears next to the VLAN Support entry in 
the VLAN Menu screen (below), and also next to the Switch Configuration. . . entry 
in the Main Menu, as shown in figure 3-2 on page 3-6): 


Reminder to 
reboot the switch 
to activate 
configuration 
changes. 


Asterisk indicates 
a configuration 
change that 
requires a reboot 
in order to take 
effect. 


Figure 3-7. Indication of a Configuration Change Requiring a Reboot 


To activate changes indicated by the asterisk, go to the Main Menu and select 
the Reboot Switch option. 


Not e	 
Executing the write memory command in the CLI does not affect pending 
configuration changes indicated by an asterisk in the menu interface. That is, 
only a reboot from the menu interface or a boot or reload command from the 
CLI will activate a pending configuration change indicated by an asterisk. 
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Menu Features List 


Status and Counters 


• 
General System Information 


• 
Switch Management Address Information 


• 
Port Status 


• 
Port Counters 


• 
Address Table 


• 
Port Address Table 


• 
Spanning Tree Information 


Switch Configuration 


• 
System Information 


• 
Port/Trunk Settings 


• 
Network Monitoring Port 


• 
Spanning Tree Operation 


• 
IP Configuration 


• 
SNMP Community Names 


• 
IP authorized Managers 


• 
VLAN 
Menu 


Console Passwords 


Event Log 


Command Line (CLI) 


Reboot Switch 


Download OS 


Run Setup 


Stacking 


• 
Stacking Status (This Switch) 


• 
Stacking Status (All) 


• 
Stack Configuration 


• 
Stack Management (Available in Stack Commander Only) 


• 
Stack Access (Available in Stack Commander Only) 


Logout 
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Where To Go From Here 


This chapter provides an overview of the menu interface and how to use it. 
The following table indicates where to turn for detailed information on how 
to use the individual features available through the menu interface. 


Option: 
Turn to: 


To use the Run Setup option 


To use the HP ProCurve Stack Manager 


To view and monitor switch status and 
counters 


To learn how to configure and use 
passwords and other security features 


To learn how to use the Event Log 


To learn how the CLI operates 


To download software (the OS) 


For a description of how switch 
memory handles configuration 
changes 


For information on other switch 
features and how to configure them 


Refer to the Installation and Getting Started Guide 
shipped with the switch. 


Chapter 15, “HP ProCurve Stack Management” 


Appendix B, “Monitoring and Analyzing Switch 
Operation” 


Refer to the Access Security Guide for your 
switch. 


“Using Logging To Identify Problem Sources” on 
page C-21 


Chapter 4, “Using the Command Line Interface 
(CLI)” 


Appendix A, “File Transfers” 


“Switch Memory and Configuration” on page 6-1 


See the Table of Contents at the front of this 
manual. 
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Overview 


The CLI is a text-based command interface for configuring and monitoring the 
switch. The CLI gives you access to the switch’s full set of commands while 
providing the same password protection that is used in the web browser 
interface and the menu interface. 


Accessing the CLI 


Like the menu interface, the CLI is accessed through the switch console, and, 
in the switch’s factory default state, is the default interface when you start a 
console session. You can access the console out-of-band by directly 
connecting a terminal device to the switch, or in-band by using Telnet either 
from a terminal device or through the web browser interface. 


Also, if you are using the menu interface, you can access the CLI by selecting 
the Command Line (CLI) option in the Main Menu. 


Using the CLI 


The CLI offers these privilege levels to help protect the switch from unautho­ 
rized access: 


1. 
Operator 


2. 
Manager 


3. 
Global Configuration 


4. 
Context Configuration 


Not e 
CLI commands are not case-sensitive. 


When you use the CLI to make a configuration change, the switch writes the 
change to the Running-Config file in volatile memory. This allows you to test 
your configuration changes before making them permanent. To make changes 
permanent, you must use the write memory command to save them to the 
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Startup Config file in non-volatile memory. If you reboot the switch without 
first using write memory, all changes made since the last reboot or write memory 
(whichever is later) will be lost. For more on switch memory and saving 
configuration changes, see Chapter 6, “Switch Memory and Configuration”. 


Privilege Levels at Logon 


Privilege levels control the type of access to the CLI. To implement this 
control, you must set at least a Manager password. Without a Manager 
password configured, anyone having serial port, Telnet, or web browser 
access to the switch can reach all CLI levels. (For more on setting passwords, 
refer to the local manager and operator password chapter in the Access 
Security Guide for your switch.) 


When you use the CLI to log on to the switch, and passwords are set, you will 
be prompted to enter a password. For example: 


Password Prompt 


Figure 4-1. Example of CLI Log-On Screen with Password(s) Set 


In the above case, you will enter the CLI at the level corresponding to the 
password you provide (operator or manager). 


If no passwords are set when you log onto the CLI, you will enter at the 
Manager level. For example: 


HPswitch# _
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C a u t i o n 
HP strongly recommends that you configure a Manager password. If a Man­ 
ager password is not configured, then the Manager level is not password- 
protected, and anyone having in-band or out-of-band access to the switch may 
be able to reach the Manager level and compromise switch and network 
security. Note that configuring only an Operator password does not prevent 
access to the Manager level by intruders who have the Operator password. 


Pressing the Clear button on the front of the switch removes password 
protection. For this reason, it is recommended that you protect the switch 
from physical access by unauthorized persons. If you are concerned about 
switch security and operation, you should install the switch in a secure 
location, such as a locked wiring closet. 


Privilege Level Operation 


2. Manager Level 


3. Global Configuration 


Operator Privileges 


Manager Privileges 


1. Operator Level 


4. Context Configuration Level 


Figure 4-2. Access Sequence for Privilege Levels 


Operator Privileges 


At the Operator level you can examine the current configuration and move 
between interfaces without being able to change the configuration. A ">" 
character delimits the Operator-level prompt. For example: 


HPswitch> _ 
Example of the Operator prompt. 


When using enable to move to the Manager level, the switch prompts you for 
the Manager password if one has already been configured. 
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Manager Privileges 


Manager privileges give you three additional levels of access: Manager, Global 
Configuration, and Context Configuration. (See figure .) A "#" character 
delimits any Manager prompt. For example: 


HPswitch#_ 
Example of the Manager prompt. 


■	 
Manager level: Provides all Operator level privileges plus the ability to 
perform system-level actions that do not require saving changes to the 
system configuration file. The prompt for the Manager level contains only 
the system name and the "#" delimiter, as shown above. To select this 
level, enter the enable command at the Operator level prompt and enter 
the Manager password, when prompted. For example: 


HPswitch> enable Enter enable at the Operator prompt. 
HPswitch# _ 
The Manager prompt. 


■	 
Global Configuration level: Provides all Operator and Manager level 
privileges, and enables you to make configuration changes to any of the 
switch’s software features. The prompt for the Global Configuration level 
includes the system name and "(config)". To select this level, enter the 
config command at the Manager prompt. For example: 


HPswitch# _ 
Enter config at the Manager prompt. 
HPswitch(config)#_The Global Config prompt.) 


■	 
Context Configuration level: Provides all Operator and Manager 
privileges, and enables you to make configuration changes in a specific 
context, such as one or more ports or a VLAN. The prompt for the Context 
Configuration level includes the system name and the selected context. 
For example: 


HPswitch(eth-1)#
 


HPswitch(vlan-10)#
 


The Context level is useful, for example, if you want to execute several 
commands directed at the same port or VLAN, or if you want to shorten 
the command strings for a specific context area. To select this level, enter 
the specific context at the Global Configuration level prompt. For 
example, to select the context level for an existing VLAN with the VLAN 
ID of 10, you would enter the following command and see the indicated 
result: 


HPswitch(config)# vlan 10
 


HPswitch(vlan-10)#
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Changing Interfaces. If you change from the CLI to the menu interface, or 
the reverse, you will remain at the same privilege level. For example, entering 
the menu command from the Operator level of the CLI takes you to the 
Operator privilege level in the menu interface. 


Table 4-1. 
Privilege Level Hierarchy 


Privilege 
Level 


Example of Prompt and Permitted Operations 


Operator Privilege 


Operator 
HPswitch> 
show < command > 
Level 
setup 


ping < argument > 
link-test < argument > 


enable 


menu 


logout 


exit 


View status and configuration 
information. 


Perform connectivity tests. 


Move from the Operator level to the 
Manager level. 


Move from the CLI interface to the menu 
interface. 


Exit from the CLI interface and terminate 
the console session. 


Terminate the current session (same as 
logout). 


Manager Privilege 


Manager 
HPswitch# 
Perform system-level actions such as system control, monitoring, 
Level 
and diagnostic commands, plus any of the Operator-level 
commands. For a list of available commands, enter ? at the 
prompt. 


Global 
Configuration 
Level 


HPswitch(config)#	 
Execute configuration commands, plus all Operator and Manager 
commands . For a list of available commands, enter ? at the 
prompt. 


Context 
Configuration 
Level 


HPswitch(eth-5)#
 
HPswitch(vlan-100)#
 


Execute context-specific configuration commands, such as a 
particular VLAN or switch port. This is useful for shortening the 
command strings you type, and for entering a series of commands 
for the same context. For a list of available commands, enter ? at 
the prompt. 
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How To Move Between Levels 


Change in Levels 
Example of Prompt, Command, and Result 


Operator level 


to 


Manager level 


Manager level 


to 
Global configuration 
level 


Global configuration 
level 


to a 


Context configuration 
level 


Context configuration 
level 


to another 
Context configuration 
level 


Move from any level 
to the preceding level 


Move from any level 
to the Manager level 


HPswitch> enable
 
Password:_
 


After you enter enable, the Password 
prompt appears. After you enter the 
Manager password, the system prompt 
appears with the # symbol: 


HPswitch#_
 


HPswitch# config
 
HPswitch(config)#
 


HPswitch(config)# vlan 10
 
HPswitch(vlan-10)#
 


HPswitch(vlan-10)# interface e 3
 
HPswitch(int-3)#
 


The CLI accepts "e" as the abbreviated 
form of "ethernet". 


HPswitch(int-3)# exit
 
HPswitch(config)# exit
 
HPswitch# exit
 
HPswitch>
 


HPswitch(int-3)# end
 
HPswitch#
 


—or— 


HPswitch(config)# end
 
HPswitch#
 


Moving Between the CLI and the Menu Interface. When moving 
between interfaces, the switch retains the current privilege level (Manager or 
Operator). That is, if you are at the Operator level in the menu and select the 
Command Line Interface (CLI) option from the Main Menu, the CLI prompt 
appears at the Operator level. 


Changing Parameter Settings. Regardless of which interface is used (CLI, 
menu interface, or web browser interface), the most recently configured 
version of aparameter setting overrides any earlier settings for that parameter. 
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For example, if you use the menu interface to configure an IP address of “X” 
for VLAN 1 and later use the CLI to configure a different IP address of “Y” for 
VLAN 1, then “Y” replaces “X” as the IP address for VLAN 1 in the running­ 
config file. If you subsequently execute write memory in the CLI, then the 
switch also stores “Y” as the IP address for VLAN 1 in the startup-config file. 
(For more on the startup-config and running config files, see Chapter 6, 
“Switch Memory and Configuration”.) 


Listing Commands and Command Options 


At any privilege level you can: 


■ 
List all of the commands available at that level 


■ 
List the options for a specific command 


Listing Commands Available at Any Privilege Level 


At a given privilege level you can list and execute the commands that level 
offers, plus all of the commands available at preceding levels. For example, 
at the Operator level, you can list and execute only the Operator level 
commands. However, at the Manager level, you can list and execute the 
commands available at both the Operator and Manager levels. 


Type "?" To List Available Commands. 1.Typing the ? symbol lists the 
commands you can execute at the current privilege level. For example, 
typing ? at the Operator level produces this listing: 


Figure 4-3. Example of the Operator Level Command Listing 
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Typing ? at the Manager level produces this listing: 


When - - MORE - - appears, use the Space 
bar or [Return] to list additional 


Figure 4-4. Example of the Manager-Level Command Listing 


When - - MORE - - appears, there are more commands in the listing. To list the 
next set of commands, press the Space bar. To list the remaining commands 
one-by-one, repeatedly press [Enter]. 


Typing? at the Global Configuration level or the Context Configuration level 
produces similar results. In a particular context level, the first block of 
command in the listing are the commands that are most relevant to the current 
context. 


Use [Tab] To Search for or Complete a Command Word. You can use 
[Tab] to help you find CLI commands or to quickly complete the current word 
in a command. To do so, type one or more consecutive characters in a 
command and then press [Tab] (with no spaces allowed). For example, at the 
Global Configuration level, if you press [Tab] immediately after typing "t", the 
CLI displays the available command options that begin with "t". For example: 


HPswitch(config)# t [Tab]
 
telnet-server
 
time
 
trunk
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telnet
 
terminal
 
HPswitch(config)# t
 


As mentioned above, if you type part of a command word and press [Tab], the 
CLI completes the current word (if you have typed enough of the word for the 
CLI to distinguish it from other possibilities), including hyphenated exten­ 
sions. For example: 


HPswitch(config)# port [Tab] 
HPswitch(config)# port-security _ 


Pressing [Tab] after a completed command word lists the further options for 
that command. 


HPswitch(config)# stack [Tab] 
commander <commander-str> 
join <mac-addr> 
auto-join 
transmission-interval <integer> 
<cr> 


HPswitch(config)# stack
 


Command Option Displays 


Conventions for Command Option Displays. When you use the CLI to 
list options for a particular command, you will see one or more of the following 
conventions to help you interpret the command data: 


■ 
Braces (< >) indicate a required choice. 


■ 
Square brackets ([]) indicate optional elements. 


■ 
Vertical bars (|) separate alternative, mutually exclusive options in a 
command. 
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Listing Command Options. You can use the CLI to remind you of the 
options available for a command by entering command keywords followed 
by?. For example, suppose you want to see the command options for config­ 
uring port C5: 


This example displays the command options 
for configuring port C5 on the switch. 


Figure 4-5. Example of How To List the Options for a Specific Command 


Displaying CLI "Help" 


CLI Help provides two types of context-sensitive information: 


■ 
Command list with a brief summary of each command’s purpose 


■ 
Detailed information on how to use individual commands 


Displaying Command-List Help. You can display a listing of command 
Help summaries for all commands available at the current privilege level. That 
is, when you are at the Operator level, you can display the Help summaries 
only for Operator-Level commands. At the Manager level, you can display the 
Help summaries for both the Operator and Manager levels, and so on. 


Syntax: help 


For example, to list the Operator-Level commands with their purposes: 
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Figure 4-6. Example of Context-Sensitive Command-List Help 


Displaying Help for an Individual Command. You can display Help for 
any command that is available at the current context level by entering enough 
of the command string to identify the command, along with help. 


Syntax: < command-string > help 


For example, to list the Help for the interface command in the Global 
Configuration privilege level: 


Figure 4-7. Example of How To Display Help for a Specific Command 


A similar action lists the Help showing additional parameter options for a 
given command. The following example illustrates how to list the Help for an 
interface command acting on a specific port: 
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Figure 4-8. Example of Help for a Specific Instance of a Command 


Note that trying to list the help for an individual command from a privilege 
level that does not include that command results in an error message. For 
example, trying to list the help for the interface command while at the global 
configuration level produces this result: 


HPswitch# interface help 
Invalid input: interface 


Configuration Commands and the Context 
Configuration Modes 


You can execute any configuration command in the global configuration mode 
or in selected context modes. However, using a context mode enables you to 
execute context-specific commands faster, with shorter command strings. 


The configuration options include interface (port or trunk group) and VLAN 
context modes: 


Port or Trunk-Group Context . Includes port- or trunk-specific 
commands that apply only to the selected port(s) or trunk group, plus the 
global configuration, Manager, and Operator commands. The prompt for this 
mode includes the identity of the selected port(s): 


HPswitch(config)# interface e c3-c6 


HPswitch(config)# interface e trk1 


HPswitch(eth-C5-C8)# 
HPswitch(eth-Trk1)# 


Command executed at 
configuration level for 
entering port or trk1 static 
trunk-group context. 


Resulting prompt showing 
port or static trunk 
contexts. 
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HPswitch(eth-C5-C8)#?	 
Lists the commands you 
can use in the port or static 


HPswitch(eth-C5-C8)#?	 
trunk context, plus the 
Manager, Operator, and 
context commands you can 
execute at this level. 


In the port context, the first block of commands in the "?" 
listing show the context-specific commands that will affect 
only ports C3-C6. 


The remaining commands in the listing are Manager, 
Operator, and context commands. 


Figure 4-9. Context-Specific Commands Affecting Port Context 
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VLAN Context . Includes VLAN-specific commands that apply only to the 
selected VLAN, plus Manager and Operator commands. The prompt for this 
mode includes the VLAN ID of the selected VLAN. For example, if you had 
already configured a VLAN with an ID of 100 in the switch: 


HPswitch(config)# vlan 100	 
Command executed at configura­ 
tion level to enter VLAN 100 
context. 


HPswitch(vlan-100)#	 
Resulting prompt showing VLAN 
100 context. 


HPswitch(vlan-100)# ?	 
Lists commands you can use in the 
VLAN context, plus Manager, Oper­ 
ator, and context commands you 
can execute at this level. 


In the VLAN 
context, the 
first block of 
commands in 
the "?" listing 
show the 
commands that 
will affect only 
vlan-100. 


The remaining 
commands in 
the listing are 
Manager, 
Operator, and 
context 
commands. 


Figure 4-10. Context-Specific Commands Affecting VLAN Context 
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CLI Control and Editing
 


Keystrokes 
Function 


[Ctrl] [A] 
Jumps to the first character of the command line. 


[Ctrl] [B] or [<] 
Moves the cursor back one character. 


[Ctrl] [C] 
Terminates a task and displays the command prompt. 


[Ctrl] [D] 
Deletes the character at the cursor. 


[Ctrl] [E] 
Jumps to the end of the current command line. 


[Ctrl] [F] or [>] 
Moves the cursor forward one character. 


[Ctrl] [K] 
Deletes from the cursor to the end of the command line. 


[Ctrl] [L] or [Ctrl] [R] 
Repeats current command line on a new line. 


[Ctrl] [N] or [v] 
Enters the next command line in the history buffer. 


[Ctrl] [P] or [^] 
Enters the previous command line in the history buffer. 


[Ctrl] [U] or [Ctrl] [X] 
Deletes from the cursor to the beginning of the command line. 


[Ctrl] [W] 
Deletes the last word typed. 


[Esc] [B] 
Moves the cursor backward one word. 


[Esc] [D] 
Deletes from the cursor to the end of the word. 


[Esc] [F] 
Moves the cursor forward one word. 


[Delete] or 
Deletes the first character to the left of the cursor in the command 
[Backspace] 
line. 
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Overview 


The HP web browser interface built into the switch lets you easily access the 
switch from a browser-based PC on your network. This lets you do the 
following: 


■	 
Optimize your network uptime by using the Alert Log and other diagnostic 
tools 


■ 
Make configuration changes to the switch 


■ 
Maintain security by configuring usernames and passwords 


This chapter covers the following: 


■ 
General features (page 5-3). 


■ 
Starting a web browser interface session (page 5-4) 


■ 
Tasks for your first web browser interface session (page 5-7): 


•	 
Creating usernames and passwords in the web browser interface 
(page 5-8) 


•	 
Selecting the fault detection configuration for the Alert Log operation 
(page 5-23) 


•	 
Getting access to online help for the web browser interface (page 
5-11) 


■ 
Description of the web browser interface: 


• 
Overview window and tabs (page 5-15) 


• 
Port Utilization and Status displays (page 5-16) 


• 
Alert Log and Alert types (page 5-19) 


• 
Setting the Fault Detection Policy (page 5-23) 


Not e	 
If you want security beyond that achieved with user names and passwords, 
you can disable access to the web browser interface. This is done by either 
executing no web-management at the Command Prompt or changing the Web 
Agent Enabled parameter setting to No (page 7-4). 
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General Features 


The switch includes these web browser interface features: 


Switch Configuration: 


• 
Ports 


• 
VLANs and Primary VLAN 


• 
Fault detection 


• 
Port monitoring (mirroring) 


• 
System information 


• 
Enable/Disable Multicast Filtering (IGMP) and Spanning Tree 


• 
IP 


• 
Stacking 


• 
Support and management URLs 


Switch Security: Usernames and passwords 


Switch Diagnostics: 


• 
Ping/Link Test 


• 
Device reset 


• 
Configuration report 


Switch status 


• 
Port utilization 


• 
Port counters 


• 
Port 
status 


• 
Alert log 


Switch system information listing 
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Starting an HP Web Browser Interface 
Session with the Switch 


You can start a web browser session in the following ways: 


■	 
Using a standalone web browser on a network connection from a PC or 
UNIX workstation: 


• 
Directly connected to your network 


• 
Connected through remote access to your network 


■	 
Using a management station running HP TopTools for Hubs & Switches 
on your network 


Not e	 
Although TopTools recognizes the Switch 2626 as an SNMP device, custom­ 
ized device management is not supported for the Switch 2626 in HP TopTools 
for hubs and switches. 


Using a Standalone Web Browser in a PC or UNIX 
Workstation 


This procedure assumes that you have a supported web browser installed on 
your PC or workstation, and that an IP address has been configured on the 
switch. (For more on assigning an IP address, refer to “IP Configuration” on 
page 8-3.) 


1.	 Make sure the JavaTM applets are enabled for your browser. If they are 
not, use the options menu in your browser to do the following: 


• 
In Netscape, enable the Java and JavaScript options. 


• 
In Microsoft Internet Explorer, enable the Java Permissions. 


Refer to your selected browser’s online Help for specific information on 
enabling the Java applets. 


Not e :	 
The authorized IP managers list can be used to limit access to the Web 
interface to only select IP addresses. For more on this feature, refer to the 
chapter titled "Using Authorized IP Managers" in the Access Security Guide 
for your switch. 
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2.	 
Type the IP address (or DNS name) of the switch in the browser Location 
or Address field and press [Enter]. (It is not necessary to include 
http://.) 


switch4108 [Enter] 
Example of a DNS-type name. 


10.11.12.195 [Enter] 
Example of an IP address. 


If you are using a Domain Name Server (DNS), your device may have a 
name associated with it (for example, switch4108) that you can type in the 
Location or Address field instead of the IP address. Using DNS names 
typically improves browser performance. See your networkadministrator 
for any name associated with the switch. 


Using HP TopTools for Hubs & Switches 


HP TopTools for Hubs & Switches is designed for installation on a network 
management workstation. For this reason, the HP TopTools system require­ 
ments are different from the system requirements for accessing the switch’s 
web browser interface from a non-management PC or workstation. For HP 
TopTools requirements, refer to the information provided with HP TopTools 
for Hubs & Switches. 


Not e	 
Although TopTools recognizes the Switch 2626 as an SNMP device, custom­ 
ized device management is not supported for the Switch 2626 in HP TopTools 
for hubs and switches. 


This procedure assumes that: 


■	 
You have installed the recommended web browser on a PC or workstation 
that serves as your network management station. 


■	 
The networked device you want to access has been assigned an IP address 
and (optionally) a DNS name and has been discovered by HP TopTools 
for Hubs & Switches. (For more on assigning an IP address, refer to "IP 
Configuration" on page 8-3.) 


To establish a web browser session with HP TopTools running, do the 
following on the network management station: 


1.	 Make sure the JavaTM applets are enabled for your web browser. If they 
are not, refer to the web browser online Help for specific information on 
enabling the Java applets. 


2. 
Do one of the following tasks: 


•	 
On the HP TopTools Maps view, double-click on the symbol for the 
networking device that you want to access. 


•	 
In HP TopTools, in the Topology Information dialog box, in the device 
list, double-click on the entry for the device you want to access (IP 
address or DNS name). 
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3.	 
The web browser interface automatically starts with the Status Overview 
window displayed for the selected device, as shown in figure 5-1. 


Not e 
If the Registration window appears, click on the Status tab. 


Alert 
Log 


First-Time 
Install Alert 


Figure 5-1. Example of Status Overview Screen 


Not e	 
The above screen appears somewhat different if the switch is configured as a 
stack Commander. For an example, see figure 2-3 on page 2-5. 
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Tasks for Your First HP Web Browser 
Interface Session 


The first time you access the web browser interface, there are three tasks that 
you should perform: 


■ 
Review the “First Time Install” window 


■ 
Set Manager and Operator passwords 


■ 
Set access to the web browser interface online help 


Viewing the “First Time Install” Window 


When you access the switch’s web browser interface for the first time, the 
Alert log contains a “First Time Install” alert, as shown in figure 5-2. This gives 
you information about first time installations, and provides an immediate 
opportunity to set passwords for security and to specify a Fault Detection 
policy, which determines the types of messages that will be displayed in the 
Alert Log. 


Double click on First Time Install in the Alert log (figure 5-1 on page 5-6). The 
web browser interface then displays the “First Time Install” window, below. 


Figure 5-2.First-Time Install Window 
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This window is the launching point for the basic configuration you need to 
perform to set web browser interface passwords to maintain security and 
Fault Detection policy, which determines the types of messages that will be 
displayed in the Alert Log. 


To set web browser interface passwords, click on secure access to the device 
to display the Device Passwords screen, and then go to the next page. (You 
can also access the password screen by clicking on the Security tab.) 


To set Fault Detection policy, click on select the fault detection configuration in 
the second bullet in the window and go to the section, “Setting Fault Detection 
Policy” on page 5-23. (You can also access the password screen by clicking on 
the Configuration tab, and then [Fault Detection] button.) 


Creating Usernames and Passwords in the Browser 
Interface 


You may want to create both a username and password to create access 
security for your switch. There are two levels of access to the interface that 
can be controlled by setting user names and passwords: 


■	 
Operator. An Operator-level user name and password allows read-only 
access to most of the web browser interface, but prevents access to the 
Security window. 


■	 
Manager. A Manager-level user name and password allows full read/ 
write access to the web browser interface. 
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Figure 5-3. The Device Passwords Window 


To set the passwords: 


1. 
Access the Device Passwords screen by one of the following methods: 


•	 
If the Alert Log includes a “First Time Install” event entry, double 
click on this event, then, in the resulting display, click on the 
secure access to the device link. 


• 
Select the Security tab. 


2.	 
Click in the appropriate box in the Device Passwords window and enter 
user names and passwords. You will be required to repeat the password 
strings in the confirmation boxes. 


Both the user names and passwords can be up to 16 printable ASCII 
characters. 


3. Click on [Apply Changes] to activate the user names and passwords. 
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Not e	 
Passwords you assign in the web browser interface will overwrite previous 
passwords assigned in either the web browser interface, the Command 
Prompt, or the switch console. That is, the most recently assigned passwords 
are the switch’s passwords, regardless of which interface was used to assign 
the string. 


Using the Passwords 


Figure 5-4. Example of the Password Window in the Web Browser Interface 


The manager and operator passwords are used to control access to all switch 
interfaces. Once set, you will be prompted to supply the password every time 
you try to access the switch through any of its interfaces. The password you 
enter determines the capability you have during that session: 


■ 
Entering the manager password gives you full read/write capabilities 


■	 
Entering the operator password gives you read and limited write capabil­ 
ities. 


Using the User Names 


If you also set user names in the web browser interface screen, you must 
supply the correct user name for web browser interface access. If a user name 
has not been set, then leave the User Name field in the password window 
blank. 


Note that the Command Prompt and switch console interfaces use only the 
password, and do not prompt you for the User Name. 
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If You Lose a Password 


If you lose the passwords, you can clear them by pressing the Clear button on 
the front of the switch. This action deletes all password and user name 
protection from all of the switch’s interfaces. 


The Clear button is provided for your convenience, but its presence means 
that if you are concerned with the security of the switch configuration and 
operation, you should make sure the switch is installed in a secure location, 
such as a locked wiring closet. 


Online Help for the HP Web Browser Interface 


Online Help is available for the web browser interface. You can use it by 
clicking on the question mark button in the upper right corner of any of the 
web browser interface screens. 


The Help Button 


Figure 5-5. The Help Button 


Context-sensitive help is provided for the screen you are on. 


Not e	 
If you do not have HP TopTools for Hubs and Switches installed on your 
network and do not have an active connection to the World Wide Web, then 
Online help for the web browser interface will not be available. 


For more on Help access and operation, refer to “Help and the Management 
Server URL” on page 5-13. 
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Support/Mgmt URLs Feature 


The Support/Mgmt URLs window enables you to change the World Wide Web 
Universal Resource Locator (URL) for two functions: 


n 
Support URL – a support information site for your switch 


n	 
Management Server URL – the site for online help for the web browser 
interface, and,if set up, the URL ofa network management station running 
HP TopTools for Hubs & Switches. 


3. Enter URLs for: 
- the support information source you want the switch to access 
when you click on the web browser interface Support tab – the 
default is HP’s ProCurve network products World Wide Web 
home page 
- the URL of the network Management server or other 
source of the online help files for this web browser inter- 
face. (The default accesses Help on HP’s World Wide Web site.) 


1. Click Here 


2. Click Here 


4. Click on Apply Changes 


Figure 5-6. 
The Default Support/Mgmt URLs Window 
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Support URL 


This is the site that the switch accesses when you click on the Support tab on 
the web browser interface. The default URL is: 


http://www.hp.com/go/procurve 


which is the World Wide Web site for Hewlett-Packard’s networking products. 


Click on the [Support] button on that page and you can get to support informa­ 
tion regarding your switch, including white papers, operating system (OS) 
updates, and more. 


You could instead enter the URL for a local site that you use for entering 
reports about network performance, or whatever other function you would 
like to be able to easily access by clicking on the [Support] tab. 


Help and the Management Server URL 


This field specifies which of the following two locations the switch will use to 
find online Help for the web browser interface: 


n 
The URL of online Help provided by HP on the world wide web 


n	 
The URL of a network management station running HP TopTools for Hubs 
& Switches 


Providing Online Help. The Help files are automatically available if you 
install HP TopTools for Hubs & Switches on your network or if you already 
have Internet access to the World Wide Web. (The Help files are included with 
HP TopTools for Hubs & Switches, and are also automatically available from 
HP via the World Wide Web.) 


Retrieval of the Help files is controlled by automatic entries to the Management 
Server URL field on the Configuration / Support/Mgmt URLs screen, shown in 
figure 5-6. The switch is shipped with the URL set to retrieve online Help from 
the HP World Wide Web site. However, if HP TopTools for Hubs & Switches is 
installed on a management station on your network and discovers the switch, 
the Management Server URL is automatically changed to retrieve the Help 
from your TopTools management station. 


Not e	 
Although TopTools recognizes the Switch 2626 as an SNMP device, custom­ 
ized device management is not supported for the Switch 2626 in HP TopTools 
for hubs and switches. 
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If Online Help Fails To Operate. Do one of the following: 


■	 
If HP TopTools for Hubs & Switches is installed and running on your 
network, enter the IP address or DNS name of the network management 
station in the Management Server URL field shown in figure 5-7 on page 
5-14. 


■	 
If you have World Wide Web access from your PC or workstation, and do 
not have HP TopTools installed on your network, enter the following URL 
in the Management Server URL field shown in figure 5-7 on page 5-14: 


http://www.hp.com/rnd/device_help 


Enter IP address of HP TopTools network 
management station, or URL of location of 
help files on HP’s World Wide Web site here. 


Figure 5-7. How To Access Web Browser Interface Online Help 


Policy Management and Configuration. HP Top Tools for Hubs & 
Switches can perform network-wide policy management and configuration of 
your switch. The Management Server URL field identifies the management 
station that is performing that function. For more information, refer to the 
documentation provided on the HP TopTools for Hubs & Switches CD shipped 
with the switch. 
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Status Reporting Features 


Browser elements covered in this section include:
 


■ 
The Overview window (below)
 


■ 
Port utilization and status (page 5-16)
 


■ 
The Alert log (page 5-19)
 


■ 
The Status bar (page 5-22)
 


The Overview Window 


The Overview Window is the home screen for any entry into the web browser 
interface.The following figure identifies the various parts of the screen. 


Alert Log 
Control Bar 


Port Utiliza- 
tion Graphs 
(page 5-16) 


Active Tab 
Active Button 


Alert Log 
(page 5-19) 


Port Status 
Indicators 
(page 5-18) 


Button Bar 


Tab Bar 


Status Bar 
(page 5-22) 


Figure 5-8. The Overview Window 
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The Port Utilization and Status Displays 


The Port Utilization and Status displays show an overview of the status of the 
switch and the amount of network activity on each port. The following figure 
shows a sample reading of the Port Utilization and Port Status. 


Port Status Indicators 


Port Utilization Bar Graphs 
Bandwidth Display Control 


Legend 


Figure 5-9. The Graphs Area 


Port Utilization 


The Port Utilization bar graphs show the network traffic on the port with a 
breakdown of the packet types that have been detected (unicast packets, non­ 
unicast packets, and error packets). The Legend identifies traffic types and 
their associated colors on the bar graph: 


■	 
% Unicast Rx & All Tx: This is all unicast traffic received and all 
transmitted traffic of any type. This indicator (a blue color on many 
systems) can signify either transmitted or received traffic. 


■	 
% Non-Unicast Pkts Rx: All multicast and broadcast traffic received by 
the port. This indicator (a gold color on many systems) enables you to 
know “at-a-glance” the source of any non-unicast traffic that is causing 
high utilization of the switch. For example, if one port is receiving heavy 
broadcast or multicast traffic, all ports will become highly utilized. By 
color-coding the received broadcast and multicast utilization, the bar 
graph quickly and easily identifies the offending port. This makes it faster 
and easier to discover the exact source of the heavy traffic because you 
don’t have to examine port counter data from several ports. 


■	 
% Error Pkts Rx: All error packets received by the port. (This indicator 
is a reddish color on many systems.) Although errors received on a port 
are not propagated to the rest of the network, a consistently high number 
of errors on a specific port may indicate a problem on the device or 
network segment connected to the indicated port. 
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■	 
Maximum Activity Indicator: As the bars in the graph area change 
height to reflect the level of network activity on the corresponding port, 
they leave an outline to identify the maximum activity level that has been 
observed on the port. 


Utilization Guideline. A network utilization of 40% is considered the 
maximum that a typical Ethernet-type network can experience before encoun­ 
tering performance difficulties. If you observe utilization that is consistently 
higher than 40% on any port, click on the Port Counters button to get a detailed 
set of counters for the port. 


To change the amount of bandwidth the Port Utilization bar graph 
shows. Click on the bandwidth display control button inthe upper left corner 
of the graph. (The button shows the current scale setting, such as 40%.) In the 
resulting menu, select the bandwidth scale you want the graph to show (3%, 
10%, 25%, 40%, 75%, or 100%), as shown in figure figure 5-10. 


Note that when viewing activity on a gigabit port, you may want to select a 
lower value (such as 3% or 10%). This is because the bandwidth utilization of 
current network applications on gigabit links is typically minimal, and may 
not appear on the graph if the scale is set to show high bandwidth utilization. 


Figure 5-10. Changing the Graph Area Scale 


To display values for each graph bar. Hold the mouse cursor over any of 
the bars in the graph, and a pop-up display is activated showing the port 
identification and numerical values for each of the sections of the bar, as 
shown in figure 5-11 (next). 


Figure 5-11. Display of Numerical Values for the Bar 
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Port Status 


Port Status Indicators 


Legend 


Figure 5-12. The Port Status Indicators and Legend 


The Port Status indicators show a symbol for each port that indicates the 
general status of the port. There are four possible statuses: 


■	 
Port Connected – the port is enabled and is properly connected to an 
active network device. 


■	 
Port Not Connected – the port is enabled but is not connected to an 
active network device. A cable may not be connected to the port, or the 
device at the other end may be powered off or inoperable, or the cable or 
connected device could be faulty. 


■	 
Port Disabled – the port has been configured as disabled through the 
web browser interface, the switch console, or SNMP network manage­ 
ment. 


■	 
Port Fault-Disabled – a fault condition has occurred on the port that 
has caused it to be auto-disabled. Note that the Port Fault-Disabled 
symbol will be displayed in the legend only if one or more of the ports is 
in that status. See appendix B, “Monitoring and Analyzing Switch Opera­ 
tion” for more information. 
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The Alert Log 


The web browser interface Alert Log, shown in the lower half of the screen, 
shows a list of network occurrences, or alerts, that were detected by the 
switch. Typical alerts are Broadcast Storm, indicating an excessive number of 
broadcasts received on a port, and Problem Cable, indicating a faulty cable. A 
full list of alerts is shown in the table on page 5-20. 


Figure 5-13.Example of the Alert Log 


Each alert has the following fields of information: 


■	 
Status – The level of severity of the event generated. Severity levels can 
be Information, Normal, Warning, and Critical. If the alert is new (has not 
yet been acknowledged), the New symbol is also in the Status column. 


■ 
Alert – The specific event identification. 


■	 
Date/Time – The date and time the event was received by the web 
browser interface. This value is shown in the format: DD-MM-YY 
HH:MM:SS AM/PM, for example, 16-Sep-99 7:58:44 AM. 


■	 
Description – A short narrative statement that describes the event. For 
example, Excessive CRC/Alignment errors on port: 8. 


Sorting the Alert Log Entries 


The alerts are sorted, by default, by the Date/Time field with the most recent 
alert listed at the top of the list. The second most recent alert is displayed 
below the top alert and so on. If alerts occurred at the same time, the 
simultaneous alerts are sorted by order in which they appear in the MIB. 


The alert field that is being used to sort the alert log is indicated by which 
column heading is in bold. You can sort by any of the other columns by clicking 
on the column heading. The Alert and Description columns are sorted alpha­ 
betically, while the Status column is sorted by severity type, with more critical 
severity indicators appearing above less critical indicators. 
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The following table lists the types of alerts that can be generated. 


Table 5-1. 
Alert Strings and Descriptions 


Alert String 
Alert Description 


First Time Install 
Important installation information for your switch. 


Too many undersized/ 
giant packets 


A device connected to this port is transmitting packets shorter than 64 bytes or longer than 
1518 bytes (longer than 1522 bytes if tagged), with valid CRCs (unlike runts, which have invalid 
CRCs). 


Excessive jabbering 
A device connected to this port is incessantly transmitting packets (“jabbering”), detected as 
oversized packets with CRC errors. 


Excessive CRC/alignment 
errors 


A high percentage of data errors has been detected on this port. Possible causes include: 
• Faulty cabling or invalid topology. 
• Duplex mismatch (full-duplex configured on one end of the link, half-duplex configured on 
the other) 
• A malfunctioning NIC, NIC driver, or transceiver 


Excessive late collisions 
Late collisions (collisions detected after transmitting 64 bytes) have been detected on this 
port. Possible causes include: 
• An overextended LAN topology 
• Duplex mismatch (full-duplex configured on one end of the link, half-duplex configured on 
the other) 
• A misconfigured or faulty device connected to the port 


High collision or drop rate A large number of collisions or packet drops have occurred on the port. Possible causes 
include: 
• A extremely high level of traffic on the port 
• Duplex mismatch 
• A misconfigured or malfunctioning NIC or transceiver on a device connected to this port 
• A topology loop in the network 


Excessive broadcasts 
An extremely high percentage of broadcasts was received on this port. This degrades the 
performance of all devices connected to the port. Possible causes include: 
• A network topology loop—this is the usual cause 
• A malfunctioning device, NIC, NIC driver, or software package 


Loss of Link 
Lost connection to one or multiple devices on the port. 


Loss of stack member 
The Commander has lost the connection to a stack member. 
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Not e	 
When troubleshooting the sources of alerts, it may be helpful to check the 
switch’s Port Status and Port Counter windows and the Event Log in the 
console interface. 


Viewing Detail Views of Alert Log Entries 


By double clicking on Alert Entries, the web browser interface displays a 
Detail View or separate window detailing information about the events. The 
Detail View contains a description of the problem and a possible solution. It 
also provides four management buttons: 


■ 
Acknowledge Event – removes the New symbol from the log entry 


■ 
Delete Event – removes the alert from the Alert Log 


■	 
Cancel Button – closes the detail view with no change to the status of 
the alert and returns you to the Overview screen. 


A sample Detail View describing an Excessive CRC/Alignment Error alert is 
shown here. 


Figure 5-14.Example of Alert Log Detail View 
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The Status Bar 


The Status Bar is displayed in the upper left corner of the web browser 
interface screen. Figure 5-15 shows an expanded view of the status bar. 


Status Indicator 
Most Critical Alert Description 


Product Name 


Figure 5-15. Example of the Status Bar 


The Status bar consists of four objects: 


■	 
Status Indicator. Indicates, by icon, the severity of the most critical alert 
in the current display of the Alert Log. This indicator can be one of three 
shapes and colors as shown in the following table. 


Table 5-2.Status Indicator Key 


Color 
Switch Status 
Status Indicator Shape 


Blue 
Normal Activity; "First time installation" 
information available in the Alert log. 


Green 
Normal Activity 


Yellow 
Warning 


Red 
Critical 


■	 
System Name. The name you have configured for the switch by using 
Identity screen, system name command, or the switch console System 
Information screen. 


■	 
Most Critical Alert Description. A brief description of the earliest, 
unacknowledged alert with the current highest severity in the Alert Log, 
appearing in the right portion of the Status Bar. In instances where 
multiple critical alerts have the same severity level, only the earliest 
unacknowledged alert is deployed in the Status bar. 
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■	 
Product Name. The product name of the switch to which you are 
connected in the current web browser interface session. 


Setting Fault Detection Policy 


One of the powerful features in the web browser interface is the Fault 
Detection facility. For your switch, this feature controls the types of alerts 
reported to the Alert Log based on their level of severity. 


Set this policy in the Fault Detection window (figure 5-16). 


Figure 5-16. The Fault Detection Window 


The Fault Detection screen contains a list box for setting fault detection and 
response policy. You set the sensitivity level at which a network problem 
should generate an alert and send it to the Alert Log. 


To provide the most information on network problems in the Alert Log, the 
recommended sensitivity level for Log Network Problems is High Sensitivity. The 
Fault Detection settings are: 
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■	 
High Sensitivity. This policy directs the switch to send all alerts to the 
Alert Log. This setting is most effective on networks that have none or 
few problems. 


■	 
Medium Sensitivity. This policy directs the switch to send alerts related 
to network problems to the Alert Log. If you want to be notified of 
problems which cause a noticeable slowdown on the network, use this 
setting. 


■	 
Low Sensitivity. This policy directs the switch to send only the most 
severe alerts to the Alert Log. This policy is most effective on a network 
that normally has a lot of problems and you want to be informed of only 
the most severe ones. 


■	 
Never. Disables the Alert Log and transmission of alerts (traps) to the 
management server (in cases where a network management tool such as 
HP TopTools for Hubs & Switches is in use). Use this option when you 
don’t want to use the Alert Log. 


The Fault Detection Window also contains three Change Control Buttons: 


■	 
Apply Changes. This button stores the settings you have selected for all 
future sessions with the web browser interface until you decide to change 
them. 


■	 
Clear Changes. This button removes your settings and returns the 
settings for the list box to the level it was at in the last saved detection- 
setting session. 


■	 
Reset to Default Settings. This button reverts the policy setting to 
Medium Sensitivity for Log Network Problems. 
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Overview 


This chapter describes: 


■ 
How switch memory manages configuration changes 


■ 
How the CLI implements configuration changes 


■	 
How the menu interface and web browser interface implement configu­ 
ration changes 


■	 
How the switch provides OS (operating system) options through primary/ 
secondary flash image options 


■	 
How to use the switch’s primary and secondary flash options, including 
displaying flash information, booting or restarting the switch, and other 
topics 


Overview of Configuration File 
Management 


The switch maintains two configuration files, the running-config file and the 
startup-config file. 


Running-Config File 
(Controls switch operation. When the switch reboots, 
the contents of this file are erased and replaced by the 
contents of the startup-config file.) 


Startup-Config File 
(Preserves the most recently saved configuration 
through any subsequent reboot.) 


Volatile Memory 


Flash (Non-Volatile) Memory 


CLI configuration 
changes are written to 
this file. To use the CLI to 
save the latest version of 
this file to the startup
 
config file, you must 
execute the write 
memory command. 


Menu interface configu
 
ration changes are simul
 
taneously written to both 
of these files. 


Figure 6-1. Conceptual Illustration of Switch Memory Operation 
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■	 
Running Config File: Exists in volatile memory and controls switch 
operation. If no configuration changes have been made in the CLI since 
the switch was last booted, the running-config file is identical to the 
startup-config file. 


■	 
Startup-config File: Exists in flash (non-volatile) memory and is used 
to preserve the most recently-saved configuration as the "permanent" 
configuration. 


Rebooting the switch replaces the current running-config file with a new 
running-config file that is an exact copy of the current startup-config file. 


Not e 
Any of the following actions reboots the switch: 


• 
Executing the boot or the reload command in the CLI 


• 
Executing the Reboot command in the menu interface 


• 
Pressing the Reset button on the front of the switch 


• 
Removing, then restoring power to the switch 


For more on reboots and the switch’s dual-flash images, see “Using Primary 
and Secondary Flash Image Options” on page 6-12. 


Options for Saving a New Configuration. Making one or more changes 
to the running-config file creates a new operating configuration. Saving a new 
configuration means to overwrite (replace) the currentstartup-config file with 
the current running-config file. This means that if the switch subsequently 
reboots for any reason, it will resume operation using the new configuration 
instead of the configuration previously defined in the startup-config file. There 
are three ways to save a new configuration: 


■	 
In the CLI: Use the write memory command. This overwrites the current 
startup-config file with the contents of the current running-config file. 


■	 
In the menu interface: Use the Save command. This overwrites both the 
running-config file and the startup-config file with the changes you have 
specified in the menu interface screen. 


■	 
In the web browser interface: Use the Apply Changes button or other 
appropriate button. This overwrites both the running-config file and the 
startup-config file with the changes you have specified in the web browser 
interface window. 


Note that using the CLI instead of the menu or web browser interface gives 
you the option of changing the running configuration without affecting the 
startup configuration. This allows you to test the change without making it 
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"permanent". When you are satisfied that the change is satisfactory, you can 
make it permanent by executing the write memory command. For example, 
suppose you use the following command to disable port 5: 


HPswitch(config)# interface ethernet 5 disable
 


The above command disables port 5 in the running-config file, but not in the 
startup-config file. Port 5 remains disabled only until the switch reboots. If 
you want port 5 to remain disabled through the next reboot, use write memory 
to save the current running-config file to the startup-config file in flash 
memory. 


HPswitch(config)# write memory
 


If you use the CLI to make a configuration change and then change from the 
CLI to the Menu interface without first using write memory to save the change 
to the startup-config file, then the switch prompts you to save the change. For 
example, if you use the CLI to create VLAN 20, and then select the menu 
interface, VLAN 20 is configured in the running-config file, but not in the 
startup-config file. In this case you will see: 


HPswitch(config)# vlan 20
 
HPswitch(config)# menu
 
Do you want to save current configuration [y/n]?
 


If you type [Y], the switch overwrites the startup-config file with the running­ 
config file, and your configuration change(s) will be preserved across reboots. 
If you type [N], your configuration change(s) will remain only in the running­ 
config file. In this case, if you do not subsequently save the running-config file, 
your unsaved configuration changes will be lost if the switch reboots for any 
reason. 


Storing and Retrieving Configuration Files. You can store or retrieve a 
backup copy of the startup-config file on another device. For more informa­ 
tion, see appendix A, "Transferring an Operating System or Startup-Config 
File" 
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Using the CLI To Implement 
Configuration Changes 


The CLI offers these capabilities: 


■ 
Access to the full set of switch configuration features 


■ 
The option of testing configuration changes before making them perma­ 
nent 


How To Use the CLI To View the Current Configuration Files. Use 
show commands to view the configuration for individual features, such as port 
status or Spanning Tree Protocol. However, to view either the entire startup­ 
config file or the entire running-config file, use the following commands: 


■ 
show config — Displays a listing of the current startup-config file. 


■ 
show running-config — Displays a listing of the current running-config file. 


■ 
write terminal — Displays a listing of the current running-config file. 


■ 
show config status — Compares the startup-config file to the running­ 
config file and lists one of the following results: 


• 
If the two configurations are the same you will see: 
– 
Running configuration is the same as the startup 
configuration. 


• 
If the two configurations are different, you will see: 
–	 Running configuration has been changed and needs 
to be saved.
 


Not e	 
Show config, show running-config, and write terminal commands display the 
configuration settings that differ from the switch’s factory-default configura­ 
tion. 


How To Use the CLI To Reconfigure Switch Features. Use this proce­ 
dureto permanentlychange the switchconfiguration (that is, to enter a change 
in the startup-config file). 


1.	 
Use the appropriate CLI commands to reconfigure the desired switch 
parameters. This updates the selected parameters in the running-config 
file. 


2.	 
Use the appropriate show commands to verify that you have correctly 
made the desired changes. 
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3.	 
Observe the switch’s performance with the new parameter settings to 
verify the effect of your changes. 


4.	 
When you are satisfied that you have the correct parameter settings, use 
the write memory command to copy the changes to the startup-config file. 


Syntax: 
write memory 


For example, the default port mode setting is auto. Suppose that your network 
uses Cat 3 wiring and you want to connect the switch to another autosensing 
device capable of 100 Mbps operation. Because 100 Mbps over Cat 3 wiring 
can introduce transmission problems, the recommended port mode is auto-10, 
which allows the port to negotiate full- or half-duplex, but restricts speed to 
10 Mbps. The following command configures port A5 to auto-10 mode in the 
running-config file, allowing you to observe performance on the link without 
making the mode change permanent. 


HPswitch(config)# interface e a5 speed-duplex auto-10
 


After you are satisfied that the link is operating properly, you can save the 
change to the switch’s permanent configuration (the startup-config file) by 
executing the following command: 


HPswitch(config)# write memory
 


The new mode (auto-10) on port A5 is now saved in the startup-config file, and 
the startup-config and running-config files are identical. If you subsequently 
reboot the switch, the auto-10 mode configuration on port A5 will remain 
because it is included in the startup-config file. 


How To Cancel Changes You Have Made to the Running-Config File. 


If you use the CLI to change parameter settings in the running-config file, and 
then decide that you don’t want those changes to remain, you can use either 
of the following methods to remove them: 


■ 
Manually enter the earlier values you had for the changed settings. (This 
is recommended if you want to restore a small number of parameter 
settings to their previous boot-up values.) 


■ 
Update the running-config file to match the startup-config file by reboot­ 
ing the switch. (This is recommended if you want to restore a larger 
number of parameter settings to their previous boot-up values.) 


If you use the CLI to change a parameter setting, and then execute the boot 
command without first executing the write memory command to save the 
change, the switch prompts you to specify whether to save the changes in the 
current running-config file. For example: 
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HPswitch(config)# interface e 1 disable 
HPswitch(config)# boot 
Device will be rebooted, do you want to continue [y/n]? y 


Do you want to save current configuration [y/n]? 


Press [Y] to continue the rebooting process. 


You will then see this prompt. 


Disables port 1 in the running configuration, which causes port 1 to block all traffic. 


Figure 6-2.Boot Prompt for an Unsaved Configuration 


The above prompt means that one or more parameter settings in the running­ 
config file differ from their counterparts in the startup-config file and you need 
to choose which config file to retain and which to discard. 


■ 
If you want to update the startup-config file to match the running-config 
file, press [Y] for "yes". (This means that the changes you entered in the 
running-config file will be saved in the startup-config file.) 


■ 
If you want to discard the changes you made to the running-config file so 
that it will match the startup-config file, then press [N] for "no". (This means 
that the switch will discard the changes you entered in the running-config 
file and will update the running-config file to match the startup-config 
file.) 


Not e	 
If you use the CLI to make a change to the running-config file, you should 
either use the write memory command or select the save option allowed during 
a reboot (figure 6-2, above) to save the change to the startup-config file. That 
is, if you use the CLI to change a parameter setting, but then reboot the switch 
from either the CLI or the menu interface without first executing the write 
memory command in the CLI, the current startup-config file will replace the 
running-config file, and any changes in the running-config file will be lost. 


Using the Save command in the menu interface does not save a change made 
to the running config by the CLI unless you have also made a configuration 
change in the menu interface. Also, the menu interface displays the current 
running-config values. Thus, where a parameter setting is accessible from both 
the CLI and the menu interface, if you change the setting in the CLI, the new 
value will appear in the menu interface display for that parameter. However, 
as indicated above, unless you also make a configuration change in the 
menu interface, only the write memory command in the CLI will actually save 
the change to the startup-config file. 


6-7 


Switch Memory and Configuration 
Using the Menu and Web Browser Interfaces To Implement Configuration Changes 


How To Reset the startup-config and running-config Files to the 
Factory-Default Configuration. This command reboots the switch, 
replacing the contents of the current startup-config and running-config files 
with the factory-default startup configuration. 


Syntax: 
erase startup-config 


For example: 


HPswitch(config)# erase startup-config
 
Configuration will be deleted and device rebooted, continue [y/n]?
 


Figure 6-3.Resetting to the Factory-Default Configuration 


Press [Y] to replace the current configuration with the factory default config­ 
uration and reboot the switch. Press [N] to retain the current configuration and 
prevent a reboot. 


Using the Menu and Web Browser 
Interfaces To Implement Configuration 
Changes 


The menu and web browser interfaces offer these advantages: 


■ 
Quick, easy menu or window access to a subset of switch configuration 
features (See the "Menu Features List" on page 3-14 and the web browser 
"General Features" list on page.) 


■ 
Viewing several related configuration parameters in the same screen, with 
their default and current settings 


■ 
Immediately changing both the running-config file and the startup-config 
file with a single command 


Configuration Changes Using the Menu Interface 


You can usethe menu interface to simultaneously save and implement a subset 
of switch configuration changes without having to reboot the switch. That is, 
when you save a configuration change in the menu interface, you simulta­ 
neously change both the running-config file and the startup-config file. 
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Not e	 
The only exception to this operation are two VLAN-related parameter changes 
that require a reboot—described under "Rebooting To Activate Configuration 
Changes" on page 6-11. 


Using Save and Cancel in the Menu Interface 


For any configuration screen in the menu interface, the Save command: 


1. 
Implements the changes in the running-config file. 


2. 
Saves your changes to the startup-config file. 


If you decide not to save and implement the changes in the screen, select 
Cancel to discard them and continue switch operation with the current oper­ 
ation. For example, suppose you have made the changes shown below in the 
System Information screen: 


To save and 
implement the 
changes for all 
parameters in this 
screen, press the 
[Enter] key, then 
press [S] (for Save). 
To cancel all 
changes, press the 
[Enter] key, then 
press [C] (for Cancel) 


Figure 6-4.	 Example of Pending Configuration Changes that Can Be Saved or 
Cancelled 
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Not e	 
If you reconfigure a parameter in the CLI and then go to the menu interface 
without executing a write memory command, those changes are stored only in 
the running configuration. If you then execute a switch reboot command in 
the menu interface, the switch discards the configuration changes made while 
using the CLI. To ensure that changes made while using the CLI are saved, 
execute write memory in the CLI before rebooting the switch. 


Rebooting from the Menu Interface 


■	 
Terminates the current session and performs a reset of the operating 
system 


■ 
Activates any configuration changes that require a reboot 


■ 
Resets statistical counters to zero 


(Note that statistical counters can be reset to zero without rebooting the 
switch. See “Displaying Port Counters” on “To Display the Port Counter 
Summary Report” on page B-11.) 


To Reboot the switch, use the Reboot Switch option in the Main Menu. (Note 
that the Reboot Switch option is not available if you log on in Operator mode; 
that is, if you enter an Operator password instead of a manager password at 
the password prompt.) 


Reboot Switch option 


Figure 6-5. The Reboot Switch Option in the Main Menu 
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Rebooting To Activate Configuration Changes. Configuration changes 
for most parameters become effective as soon as you save them. However, 
you must reboot the switch in order to implement a change in the Maximum 
VLANs to support parameter. 


(To access these parameters, go to the Main menu and select 2. Switch 
Configuration, then 8. VLAN Menu, then 1. VLAN Support.) 


If configuration changes requiring a reboot have been made, the switch 
displays an asterisk (*) next to the menu item in which the change has been 
made. For example, if you change and save parameter values for the Maximum 
VLANs to support parameter, an asterisk appears next to the VLAN Support entry in 
the VLAN Menu screen, and also next to the Switch Configuration . . . entry in the 
Main menu, as shown in figure 4-6: 


Reminder to 
reboot the switch 
to activate 
configuration 
changes. 


Asterisk indicates 
a configuration 
change that 
requires a reboot 
in order to take 
effect. 


Figure 6-6. Indication of a Configuration Change Requiring a Reboot 


Configuration Changes Using the Web Browser 
Interface 


You can use the web browser interface to simultaneously save and implement 
a subset of switch configuration changes without having to reboot the switch. 
That is, when you save a configuration change (in most cases, by clicking on 
Apply Changes or Apply Settings, you simultaneously change both the running­ 
config file and the startup-config file. 


Not e	 
If you reconfigure a parameter in the CLI and then go to the browser interface 
without executing a write memory command, those changes will be saved to 
the startup-config file if you click on Apply Changes or Apply Settings in the web 
browser interface. 
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Using Primary and Secondary Flash 
Image Options 


The switch features two flash memory locations for storing system image 
(operating system, or OS) files: 


■ 
Primary Flash: The default storage for OS (system image) files. 


■	 
Secondary Flash: The additional storage for either a redundant or an 
alternate OS (system image) file. 


With the Primary/Secondary flash option you can test a new image in your 
system without having to replace a previously existing image. You can also 
use the image options for troubleshooting. For example, you can copy a 
problem image into Secondary flash for later analysis and place another, 
proven image in Primary flash to run your system. The switch can use only 
one image at a time. 


The following tasks involve primary/secondary flash options: 


■	 
Displaying the current flash image data and determining which OS ver­ 
sions are available 


■ 
OS downloads 


■ 
Local OS replacement, and removal (erasing) 


■ 
System booting 


Displaying the Current Flash Image Data 


Use the commands in this section to: 


■	 
Determine whether there are flash images in both primary and secondary 
flash 


■	 
Determine whether the images in primary and secondary flash are the 
same 


■ 
Identify which OS version is currently running 


Viewing the Currently Active Flash Image Version. This command 
identifies the software version on which the switch is currently running, and 
whether the active version was booted from the primary or secondary flash 
image. 


Syntax: 
show version 
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For example, if the switch is using an OS version of G.01.01 stored in Primary 
flash, show version produces the following: 


Figure 6-7. Example Showing the Identity of the Current Flash Image 


Determining Whether the Flash Images Are Different Versions. If the 
flash image sizes in primary and secondary are the same, then in almost every 
case, the primary and secondary images are identical. This command provides 
a comparison of flash image sizes, plus the boot ROM version and from which 
flash image the switch booted. For example, in the following case, the images 
are different versions of the OS software (flash image) and the switch is 
running on the version stored in the secondary flash image: 


The unequal code 
size and differing 
dates indicate two 
different versions of 
the OS software. 


Figure 6-8. Example Showing Different Flash Image Versions 


Determining Which Flash Image Versions Are Installed. The show ver- 
sion command displays which software version the switch is currently running 
and whether that version booted from primary or secondary flash. Thus, if the 
switch booted from primary flash, you will see the version number of the OS 
image stored in primary flash, and if the switch booted from secondary flash, 
you will see the version number of the OS version stored in secondary flash. 
Thus, by using show version, then rebooting the switch from the opposite flash 
image and using show version again, you can determine the version of the OS 
image in both flash sources. For example: 
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1. In this example show 
version indicates the 
switch has version G.05.01 
in primary flash. 


2. After the boot system 
command, show version 
indicates that version 
G.05.00 is in secondary 
flash. 


Figure 6-9. Determining the OS Version in Primary and Secondary Flash 


OS Downloads 


The following table shows the switch’s options for downloading an OS to flash 
and booting the switch from flash 


Table 6-1. 
Primary/Secondary Memory Access 


Action 
Menu 
CLI 
Web 
Browser 


SNMP 


Download to Primary 
Yes 
Yes 
Yes 
Yes 


Download to Secondary 
No 
Yes 
No 
Yes 


Boot from Primary 
Yes 
Yes 
Yes 
Yes 


Boot from Secondary 
No 
Yes 
No 
Yes 


The different OS download options involve different copy commands, plus 
xmodem, and tftp. These topics are covered in Appendix A, “File Transfers”. 


Download Interruptions. In most cases, if a power failure or other cause 
interrupts a flash image download, the switch reboots with the image previ­ 
ously stored in primary flash. In the unlikely event that the primary image is 
corrupted, as a result of an interruption, the switch will reboot from secondary 
flash and you can either copy the secondary image into primary or download 
another image to primary from an external source. See Appendix A, “File 
Transfers”. 
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Local OS Replacement and Removal 


This section describes commands for erasing an OS (flash image) and copying 
an existing OS between primary and secondary flash. 


Not e	 
It is not necessary to erase the content of a flash location before downloading 
another OS file. The process automatically overwrites the previous file with 
the new file. If you want to remove an unwanted OS version from flash, HP 
recommends that you do so by overwriting it with the same OS version that 
you are using to operate the switch, or with another acceptable OS version. 
To copy an OS image file between the primary and secondary flash locations, 
see “Copying an OS Image from One Flash Location to Another” , below. 


The local commands described here are for flash image management within 
the switch. To download an OS image file from an external source, see 
Appendix A, “File Transfers”. 


Copying an OS Image from One Flash Location to Another. When you 
copy the flash image from primary to secondary or the reverse, the switch 
overwrites the file in the destination location with a copy of the file from the 
source location. This means you do not have to erase the current image at the 
destination location before copying in a new image. 


C a u t i o n 
Verify that there is an acceptable OS image in the source flash location from 
which you are going to copy. Use the show flash command or, if necessary, the 
procedure under “Determining Which Flash Image Versions Are Installed” on 
page 6-13 to verify an acceptable OS image. Attempting to copy from a source 
image location that has a corrupted flash image overwrites the image in the 
destination flash location. In this case, the switch will not have a valid flash 
image in either flash location, but will continue running on a temporary flash 
image in RAM. Do not reboot the switch. Instead, immediately download 
another valid flash image to primary or secondary flash. Otherwise, if the 
switch is rebooted without an OS image in either primary or secondary flash, 
the temporary flash image in RAM will be cleared and the switch will go down. 
Torecover, see “Restoring a Flash Image” on page C-41 (in the Troubleshooting 
chapter). 


Syntax: 
copy flash flash <destination flash> 


where: destination flash = primary or secondary: 


For example, to copy the image in secondary flash to primary flash: 
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1.	 
Verify that there is a valid flash image in the secondary flash location. The 
following figure indicates that an OS image is present in secondary flash. 
(If you are unsure whether the image is secondary flash is valid, try 
booting from it before you proceed, by using boot system flash secondary.) 


The unequal code 
size, differing dates, 
and differing 
version numbers 
indicates two 
different versions of 
the OS software. 


Figure 6-10. Example Indicating Two Different OS Versions in Primary and 
Secondary Flash 


Execute the copy command as follows: 


HPswitch(config)# copy flash flash primary 


Erasing the Contents of Primary or Secondary Flash. This command 
deletes the OS image file from the specified flash location. 


C a u t i o n - - N o 
U n d o !
 


Before using this command in one flash image location (primary or second­ 
ary), ensure that you have a valid OS file in the other flash image location 
(secondary or primary). If the switchhas only one flash image loaded (in either 
primary or secondary flash) and you erase that image, then the switch does 
not have an OS stored in flash. In this case, if you do not reboot or power cycle 
the switch, you can recover by using xmodem or tftp to download another OS. 


Syntax: 
erase flash < primary | secondary > 


For example, to erase the OS in primary flash, do the following: 


1.	 
First verify that a usable flash image exists in secondary flash. The most 
reliable way to ensure this is to reboot the switch from the flash image 
you want to retain. For example, if you are planning to erase the primary 
image, then first reboot from the secondary image to verify that the 
secondary image is present and acceptable for your system: 


HPswitch# boot system flash secondary 


2. 
Then erase the OS in the selected flash (in this case, primary): 
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The prompt shows which flash 
location will be erased. 


Figure 6-11. Example of Erase Flash Prompt 


3. 
Type y at the prompt to complete the flash erase. 


4. 
Use show flash to verify erasure of the selected OS flash image 


The "0" here 
shows that 
primary flash has 
been erased. 


Figure 6-12. Example of Show Flash Listing After Erasing Primary Flash 


Rebooting the Switch 


The switch offers reboot options through the boot and reload commands, plus 
the options inherent in a dual-flash image system. Generally, using boot 
provides more comprehensive self-testing; using reload gives you a faster 
reboot time. 


Table 6-2. 
Comparing the Boot and Reload Commands 


Actions 
Included In 
Boot? 


Included In 
Reload 


Note 


Save all configuration 
Optional, 
Yes, 
Config changes saved to the 


changes since the last boot 
or reload 


with prompt 
automatic 
startup-config file 


Perform all system self-tests Yes 
No	 
Reload provides a faster system 
reboot. 


Choice of primary or 
Yes 
No—Uses 


secondary	 
the current 
flash image. 
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Booting from Primary Flash. This command alwaysboots the switch from 
primary flash, and executes the complete set of subsystem self-tests. 


Syntax: 
boot 


For example, to boot the switch from primary flash with pending configuration 
changes in the running-config file: 


Figure 6-13. Example of Boot Command (Default Primary Flash) 


In the above example, typing either a y or n at the second prompt initiates the 
reboot operation. Also, if there are no pending configuration changes in the 
running-config file, then the reboot commences without the pause to display 
Boot from primary flash. 


Booting from a Specified Flash. This version of the boot command gives 
you the option of specifying whether to reboot from primary or secondary 
flash, and is the required command for rebooting from secondary flash. This 
option also executes the complete set of subsystem self-tests. 


Syntax: 
boot system flash < primary | secondary > 


For example, to reboot the switch from secondary flash when there are no 
pending configuration changes in the running-config file: 


Figure 6-14. Example of Boot Command with Primary/Secondary Flash Option 


In the above example, typing either a y or n at the second prompt initiates the 
reboot operation. Also, if there are no pending configuration changes in the 
running-config file, then the reboot commences without the pause to display 
Boot from secondary flash. 
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Booting from the Current OS Version. Reload reboots the switch from 
the flash image on which the switch is currently running, and saves to the 
startup-config file any configuration changes currently in the running-config 
file. Because reload bypasses some subsystem self-tests, the switch reboots 
faster than if you use either of the boot command options. 


Syntax: 
reload 


For example, if you change the number of VLANs the switch supports, you 
must reboot the switch in order to implement the change. Reload automati­ 
cally saves your configuration changes and reboots the switch from the same 
OS you have been using: 


Figure 6-15.Using Reload with Pending Configuration Changes 


Operating Notes 


Default Boot Source. The switch reboots from primary flash by default 
unless you specify the secondary flash. 


Boot Attempts from an Empty Flash Location. In this case, the switch 
aborts the attempt and displays 


Image does not exist
 
Operation aborted.
 


Interaction of Primary and Secondary Flash Images with the Current 
Configuration. The switch has one startup-config file (page 6-2), which it 
always uses for reboots, regardless of whether the reboot is from primary or 
secondary flash. Also, for rebooting purposes, it is not necessary for the OS 
and the startup-config file to support identical software features. For example, 
suppose you have just downloaded an OS upgrade that includes new features 
that are not supported in the OS you used to create the current startup-config 
file. In this case, the OS simply assigns factory-default values to the parame­ 
ters controlling the new features. Similarly, If you create a startup-config file 
while using a version "Y" of the OS, and then reboot the switch with an earlier 
OS version "X" that does not include all of the features found in "Y", the OS 
simply ignores the parameters for any features that it does not support. 
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Overview 


This chapter describes how to:
 


■ 
View and modify the configuration for switch interface access
 


■ 
Use the CLI kill command to terminate a remote session
 


■ 
View and modify switch system information
 


For help on how to actually use the interfaces built into the switch, refer to:
 


■ 
Chapter 3, “Using the Menu Interface”
 


■ 
Chapter 4, “Using the Command Line Interface (CLI)”
 


■ 
Chapter 5, Using the HP Web Browser Interface”
 


Why Configure Interface Access and System Information? The inter-
 
face access features in the switch operate properly by default. However, you 
can modify or disable access features to suit your particular needs. Similarly,
 
you can choose to leave the system information parameters at their default 
settings. However, modifying these parameters can help you to more easily 
distinguish one device from another in your network.
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Interface Access: Console/Serial Link, 
Web, and Telnet 


Interface Access Features 


Feature 
Default 
Menu 
CLI 
Web 


Inactivity Time
 
0 Minutes 
(disabled) 


page 7-4 
page 7-6 
— 


Inbound Telnet Access 
Enabled 
page 7-4 
page 7-5 
— 


Outbound Telnet Access 
n/a 
— 
page 7-6 
— 


Web Browser Interface Access 
Enabled 
page 7-4 
page 7-6 
— 


Terminal type 
VT-100 
— 
page 7-6 
— 


Event Log event types to list 
All 
— 
page 7-6 
— 


(Displayed Events) 


Baud Rate 
Speed Sense 
— 
page 7-6 
— 


Flow Control 
XON/XOFF 
— 
page 7-6 
— 


In most cases, the default configuration is acceptable for standard operation. 


Not e	 
Basic switch security is through passwords. You can gain additional security 
using IP authorized managers. However if unauthorized access to the switch 
through in-band means (Telnet or the web browser interface), then you can 
disallow in-band access (as described in this section) and install the switch in 
a locked environment. 
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Menu: Modifying the Interface Access 


The menu interface enables you to modify these parameters:
 


■ 
Inactivity Time-out
 


■ 
Inbound Telnet Enabled
 


■ 
Web Agent Enabled
 


To Access the Interface Access Parameters: 


1. 
From the Main Menu, Select... 


2. Switch Configuration... 


1. System Information 


Interface Access 
Parameters 


Figure 7-1. The Default Interface Access Parameters Available in the Menu Interface 


2. 
Press [E] (for Edit). The cursor moves to the System Name field. 


3.	 
Use the arrow keys ([v], [^], [<], [>]) to move to the parameters you want 
to change. 


Refer to the online help provided with this screen for further information 
on configuration options for these features. 


4.	 
When you have finished making changes to the above parameters, press 
[Enter], then press [S] (for Save). 
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CLI: Modifying the Interface Access 


Interface Access Commands Used in This Section 


show console 
below 


[no] telnet-server 
below 


[no] web-management 
page 7-6 


console 
page 7-6 


Listing the Current Console/Serial Link Configuration. This com­ 
mand lists the current interface access parameter settings. 


Syntax: 
show console 


This example shows the switch’s default console/serial configuration. 


Interface Access 
Enable/Disable 


Console Control 
Options 


Event Log Event 
Types To List 


Figure 7-2. Listing of Show Console Command 


Reconfigure Inbound Telnet Access. In the default configuration, 
inbound Telnet access is enabled. 


Syntax: 
[no] telnet-server 


To disable inbound Telnet access: 


HPswitch(config)# no telnet-server 


To re-enable inbound Telnet access: 


HPswitch(config)# telnet-server 
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Outbound Telnet to Another Device. This feature operates indepen­ 
dently of the telnet-server status and enables you to Telnet to another device 
that has an IP address. 


Syntax: 
telnet < ip-address > 


For example: 


HPswitch # telnet 10.28.27.204
 


Reconfigure Web Browser Access. In the default configuration, web 
browser access is enabled. 


Syntax: [no] web-management 


To disable web browser access: 


HPswitch(config)# no web-management 


To re-enable web browser access: 


HPswitch(config)# web-management 


Reconfigure the Console/Serial Link Settings. You can reconfigure one 
or more console parameters with one console command. 


Syntax: 
console 
[terminal <vt100 | ansi>] 
[screen-refresh <1 | 3 | 5 | 10 | 20 | 30 | 45 | 60>] 
[baud-rate 


<speed-sense | 1200 | 2400 | 4800 | 9600 | 19200 |38400 | 57600>] 
[flow-control <xon/xoff | none>] 
[inactivity-timer <0 1 5 10 15 20 30 60 120>] 
[events <none | all | non-info | critical | debug] 


Not e	 
If you change the Baud Rate or Flow Control settings for the switch, you 
should make the corresponding changes in your console access device. Oth­ 
erwise, you may lose connectivity between the switch and your terminal 
emulator due to differences between the terminal and switch settings for these 
two parameters. 


All console parameter changes except events require that you save the config­ 
uration with write memory and then execute boot before the new console 
configuration will take effect. 


For example, to use one command to configure the switch with the following: 
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■ 
VT100 operation
 


■ 
19,200 baud
 


■ 
No flow control
 


■ 
10-minute inactivity time
 


■ 
Critical log events
 


you would use the following command sequence: 


The switch implements the Event Log change immediately. The switch implements 
the other console changes after executing write memory and reload. 


Figure 7-3. Example of Executing the Console Command with Multiple Parameters 


You can also execute a series of console commands and then save the 
configuration and boot the switch. For example: 


Configure 
the 
individual 
parameters. 


Save the 
changes. 


Boot the 
switch. 


Figure 7-4. Example of Executing a Series of Console Commands 
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Denying Interface Access by Terminating 
Remote Management Sessions 


The switch supports up to four management sessions. You can use show ip ssh 
to list the current management sessions, and kill to terminate a currently 
running remote session. (Kill does not terminate a Console session on the 
serial port, either through a direct connection or via a modem.) 


Syntax: 
kill [<session-number>] 


For example, if you are using the switch’s serial port for a console session and 
want to terminate a currently active Telnet session, you would do the follow­ 
ing: 


Session 2 is an active 
Telnet session. 


The kill 2 command 
terminates session 2. 


Figure 7-5. Example of Using the "Kill" Command To Terminate a Remote Session 
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System Information 


System Information Features 


Feature 
Default 
Menu 
CLI 
Web 


System Name 
switch product 
name 


System Contact 
n/a 


System Location 
n/a 


MAC Age Time 
300 seconds 


Time Sync Method 
None 


Time Zone 
0 


Daylight Time Rule 
None 


Time 
January 1, 1990 at 
00:00:00 at last 
power reset 


page 
page 
page 


7-10 
7-12 
7-14 


page 
page 
page 


7-10 
7-12 
7-14 


page 
page 
page 


7-10 
7-12 
7-14 


page 
page 
— 


7-10 
7-13 


See Chapter 9, “Time Protocols”. 


page 
page 
— 


7-10 
7-13 


page 
page 
— 


7-10 
7-13 


— 
page 
— 
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Configuring system information is optional, but recommended. 


System Name: Using a unique name helps you to identify individual devices 
in stacking environments and where you are using an SNMP network manage­ 
ment tool such as HP TopTools for Hubs & Switches. 


System Contact and Location: This information is helpful for identifying 
the person administratively responsible for the switch and for identifying the 
locations of individual switches. 


MAC Age Interval: The number of seconds a MAC address the switch has 
learned remains in the switch’s address table before being aged out (deleted). 
Aging out occurs when there has been no traffic from the device belonging to 
that MAC address for the configured interval. 


Time Sync Method: Selects the method (TimeP or SNTP) the switch will use 
for time synchronization. For more on this topic, refer to Chapter 9, “Time 
Protocols”. 
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Time Zone: The number of minutes your time zone location is to the 
West (-) or East (+) of Coordinated Universal Time (formerly GMT). The 
default 0 means no time zone is configured. For example, Berlin, Germany is
 
in the +1 zone, while Vancouver, Canada is in the -8 zone.
 


Daylight Time Rule: Specifies the daylight savings time rule to apply for your 
location. The default is None. (For more on this topic, see appendix E, 
“Daylight Savings Time on HP ProCurve Switches.)
 


Time: Used in the CLI to specify the time of day, the date, and other system 
parameters.
 


Menu: Viewing and Configuring System Information 


To access the system information parameters: 


1. 
From the Main Menu, Select... 


2. Switch Configuration... 


1. System Information 


System Information 


Figure 7-6. The System Information Configuration Screen (Default Values) 


Not e	 
To help simplify administration, it is recommended that you configure 
System Name to a character string that is meaningful within your system. 


2. 
Press [E] (for Edit). The cursor moves to the System Name field. 
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System Information 


3.	 
Refer to the online help provided with this screen for further information 
on configuration options for these features. 


4.	 
When you have finished making changes to the above parameters, press 
[Enter], then press [S] (for Save) and return to the Main Menu. 


CLI: Viewing and Configuring System Information 


System Information Commands Used in This Section 


show system-information 
below 


hostname 
below 


snmp-server 
below 


[contact] [location] 


mac-age-time 
page 7-13 


time 


time zone 
page 7-13 


daylight-time-rule 
page 7-13 


date 
page 7-13 


time 


Listing the Current System Information. This command lists the current 
system information settings. 


Syntax: 
show system-information 


This example shows the switch’s default console configuration. 


Figure 7-7. Example of CLI System Information Listing 
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Configure a System Name, Contact, and Location for the Switch. To 
help distinguish one switch from another, configure a plain-language identity 
for the switch. 


Syntax:	 
hostname <name-string> 
snmp-server [contact <system contact>] [location <system location>] 


Both fields allow up to 48 characters. Blank spaces are not allowed in the 
variables for these commands. 


For example, to name the switch “Blue” with “Ext-4474” as the system contact, 
and “North-Data-Room” as the location: 


New hostname, contact, 
and location data from 
previous commands. 


Additional System 
Information 


Figure 7-8. System Information Listing After Executing the Preceding Commands 
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Reconfigure the Age Time for Learned MAC Addresses. This com­ 
mand corresponds to the MAC Age Interval in the menu interface, and is 
expressed in seconds. 


Syntax: 
mac-age-time <10 . . 1000000> (seconds) 


For example, to configure the age time to seven minutes: 


HPswitch(config)# mac-age-time 420
 


Configure the Time Zone and Daylight Time Rule. These commands: 


■ 
Set the time zone you want to use 


■	 
Define the daylight time rule for keeping the correct time when daylight- 
saving-time shifts occur. 


Syntax:	 
time timezone <-720 . . 840> 
time daylight-time-rule <none | alaska | continental-us-and-canada | 
middle-europe-and-portugal | southern-hemisphere | western-europe | 
user-defined> 


East of the 0 meridian, the sign is “+”. West of the 0 meridian, the sign is “-”. 


For example, the time zone setting for Berlin, Germany is +60 (zone +1, or 60 
minutes), and the time zone setting for Vancouver, Canada is -480 (zone -8, or 
-480 minutes). Toconfigure the time zone and daylight time rule for Vancouver, 
Canada: 


HPswitch(config)# time timezone -480 daylight-time-rule 
continental-us-and-canada
 


Configure the Time and Date. The switch uses the time command to con- 
figure both the time of day and the date. Also, executing time without param­ 
eters lists the switch’s time of day and date. Note that the CLI uses a 24-hour 
clock scheme; that is, hour (hh) values from 1 p.m. to midnight are input as 
13 - 24, respectively. 


Syntax: time [hh:mm[:ss]] [mm/dd/ [yy]yy] 


For example, to set the switch to 9:45 a.m. on November 17, 2002: 


HPswitch(config)# time 9:45 11/17/02
 


Not e 
Executing reload or boot resets the time and date to their default startup values. 
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Web: Configuring System Parameters 


In the web browser interface, you can enter the following system information:
 


■ 
System Name
 


■ 
System Location
 


■ 
System Contact
 


For access to the MAC Age Interval and the Time parameters, use the menu 
interface or the CLI.
 


Configure System Parameters in the Web Browser Interface. 


1. 
Click on the Configuration tab. 


2. 
Click on System Info. 


3. 
Enter the data you want in the displayed fields. 


4. 
Implement your new data by clicking on Apply Changes. 


To access the web-based help provided for the switch, click on [?] in the web 
browser screen. 
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Using Friendly (Optional) Port Names 


Feature 
Default 
Menu 
CLI 
Web 


Configure Friendly Port Names 
Standard Port 
n/a 
page 16 
n/a 


Numbering 


Display Friendly Port Names 
n/a 
n/a 
page 18 
n/a 


This feature enables you to assign alphanumeric port names of your choosing 
to augment automatically assigned numeric port names. This means you can 
configure meaningful port names to make it easier to identify the source of 
information listed by some Show commands. (Note that this feature augments 
port numbering, but does not replace it.) 


Configuring and Operating Rules for Friendly Port 
Names 


■	 
At either the global or context configuration level you can assign a unique 
name to any port on the switch. You can also assign the same name to 
multiple ports. 


■	 
The friendly port names you configure appear in the output of the show 
name [port-list], show config, and show interface <port-number> commands. 
They do not appear in the output of other show commands or in Menu 
interface screens. (See “Displaying Friendly Port Names with Other Port 
Data” on page 7-18.) 


■	 
Friendly port names are not a substitute for port numbers in CLI com­ 
mands or Menu displays. 


■	 
Trunking ports together does not affect friendly naming for the individual 
ports. (If you want the same name for all ports in a trunk, you must 
individually assign the name to each port.) 


■	 
A friendly port name can have up to 64 contiguous alphanumeric charac­ 
ters. 


■	 
Blank spaces within friendly port names are not allowed, and if used, 
cause an invalid input error. (The switch interprets a blank space as a name 
terminator.) 


■	 
In a port listing, not assigned indicates that the port does not have a name 
assignment other than its fixed port number. 


7-15 


Interface Access, System Information, and Friendly Port Names 
Using Friendly (Optional) Port Names 


■	 
To retain friendly port names across reboots, you must save the current 
running-configuration to the startup-config file after entering the friendly 
port names. (In the CLI, use the write memory command.) 


Configuring Friendly Port Names 


Syntax: interface [e] <port-list> name <port-name-string> 
Assigns a port name to port-list. 


no interface [e] <port-list> name 
Deletes the port name from port-list. 


Configuring a Single Port Name. Suppose that you have connected port 
A3 on the switch to Bill Smith’s workstation, and want to assign Bill’s name 
and workstation IP address (10.25.101.73) as a port name for port A3: 


Figure 7-9. Example of Configuring a Friendly Port Name 


7-16 


Interface Access, System Information, and Friendly Port Names 


Using Friendly (Optional) Port Names 


Configuring the Same Name for Multiple Ports. Suppose that you want 
to use ports A5 through A8 as a trunked link to a server used by a drafting 
group. In this case you might configure ports A5 through A8 with the name 
"Draft-Server:Trunk". 


Figure 7-10. Example of Configuring One Friendly Port Name on Multiple Ports 


7-17 


Interface Access, System Information, and Friendly Port Names 
Using Friendly (Optional) Port Names 


Displaying Friendly Port Names with Other Port Data 


You can display friendly port name data in the following combinations: 


■ 
show name: Displays a listing of port numbers with their corresponding 
friendly port names and also quickly shows you which ports do not have 
friendly name assignments. (show name data comes from the running­ 
config file.) 


■ 
show interface <port-number>: Displays the friendly port name, if any, along 
with the traffic statistics for that port. (The friendly port name data comes 
from the running-config file.) 


■ 
show config: Includes friendly port names in the per-port data of the 
resulting configuration listing. (show config data comes from the startup­ 
config file.) 


To List All Ports or Selected Ports with Their Friendly Port Names. 


This command lists names assigned to a specific port. 


Syntax: 
show name [port-list] 
Lists the friendly port name with its corresponding port 
number and port type. The show name command alone lists 
this data for all ports on the switch. 


For example: 


Friendly port names 
assigned in previous 
examples. 


Ports Without 
"Friendly" Name 


Figure 7-11. Example of Friendly Port Name Data for All Ports on the Switch 
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Port Without a "Friendly" 
Name 


Friendly port names 
assigned in previous 
examples. 


Figure 7-12. Example of Friendly Port Name Data for Specific Ports on the Switch 


Including Friendly Port Names in Per-Port Statistics Listings. A 
friendly port name configured to a port is automatically included when you 
display the port’s statistics output. 


Syntax: 
show interface <port-number> 
Includes the friendly port name with the port’s traffic 
statistics listing. 


For example, if you configure port A1 with the name "O’Connor_10.25.101.43", 
the show interface output for this port appears similar to the following: 


Friendly Port 
Name 


Figure 7-13. Example of a Friendly Port Name in a Per-Port Statistics Listing 
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For a given port, if a friendly port name does not exist in the running-config 
file, the Name line in the above command output appears as: 


Name : not assigned 


To Search the Configuration for Ports with Friendly Port Names. 


This option tells you which friendly port names have been saved to the startup­ 
config file. (show config does not include ports that have only default settings 
in the startup-config file.) 


Syntax: 
show config 
Includes friendly port names in a listing of all interfaces 
(ports) configured with non-default settings. Excludes 


ports 
that have neither a friendly port name nor any other 
non-default configuration settings. 


For example, if you configure port A1 with a friendly port name: 


This command sequence 
saves the friendly port name 
for port A1 in the startup	 
config file, but does not do so 
for the name entered for port 
A2. 


In this case, show config lists 
only port A1. Executing write 
mem after entering the name for 
port A2, and then executing 
show config again would result 
in a listing that includes both 


Listing includes friendly 
port name for port A1 
only. 


Figure 7-14. Example Listing of the Startup-Config File with a Friendly Port Name Configured (and Saved) 
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Overview 


You can configure IP addressing through all of the switch’s interfaces. You can 
also: 


■ 
Easily edit a switch configuration file to allow downloading the file to 
multiple switches without overwriting each switch’s unique gateway and 
VLAN 1 IP addressing. 


■ 
Assign up to seven secondary IP addresses to a VLAN (multinetting) 


Why Configure IP Addressing? In its factory default configuration, the 
switch operates as a multiport learning bridge with network connectivity 
provided by the ports on the switch. However, to enable specific management 
access and control through your network, you will need IP addressing. Table 
8-1 on page 8-12 shows the switch features that depend on IP addressing to 
operate. 
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IP Configuration Features 


Feature 
Default 
Menu 
CLI 
Web 


IP Address and Subnet Mask 
DHCP/Bootp 
page 8-5 
page 8-7 
page 8-11 


Multiple IP Addresses on a VLAN 
n/a 
page 8-9 


Default Gateway Address 
none 
page 8-5 
page 8-7 
page 8-11 


Packet Time-To-Live (TTL) 
64 seconds 
page 8-5 
page 8-7 
n/a 


Time Server (Timep) 
DHCP 
page 8-5 
page 8-7 
n/a 


IP Address and Subnet Mask. Configuring the switch with an IP address 
expands your ability to manage the switch and use its features. By default, the 
switch is configured to automatically receive IP addressing on the default 
VLAN from a DHCP/Bootp server that has been configured correctly with 
information to support the switch. (Refer to “DHCP/Bootp Operation” on page 
8-12 for information on setting up automatic configuration from a server.) 
However, if you are not using a DHCP/Bootp server to configure IP addressing, 
use the menu interface or the CLI to manually configure the initial IP values. 
After you have network access to a device, you can use the web browser 
interface to modify the initial IP configuration if needed. 


For information on how IP addressing affects switch performance, refer to 
“How IP Addressing Affects Switch Operation” on page 8-11. 


Multinetting: Assigning Multiple IP Addresses to a VLAN. For a given 
VLAN you can assign one primary IP address and up to seven secondary IP 
addresses. This allows you to combine two or more subnets on the same 
VLAN, which enables devices in the combined subnets to communicate 
normally through the network without needing to reconfigure the IP address­ 
ing in any of the combined subnets. 


Default Gateway Operation. The default gateway is required when a 
router is needed for tasks such as reaching off-subnet destinations or forward­ 
ing traffic across multiple VLANs. The gateway value is the IP address of the 
next-hop gateway node for the switch, which is used if the requested destina­ 
tion address is not on a local subnet/VLAN. If the switch does not have a 
manually-configured default gateway and DHCP/Bootp is configured on the 
primary VLAN, then the default gateway value provided by the DHCP or Bootp 
server will be used. If the switch has a manually configured default gateway, 
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then the switch uses this gateway, even if a different gateway is received via 
DHCP or Bootp on the primary VLAN. (This is also true for TimeP and a non- 
default Time-To-Live.) See “Notes” on page 8-4 and “The Primary VLAN” on 
page 12-6. 


Packet Time-To-Live (TTL) . This parameter specifies how long in sec­ 
ondsan outgoing packet should existin the network. In most cases, the default 
setting (64 seconds) is adequate. 


Just Want a Quick Start with IP Addressing? 


If you just want to give the switch an IP address so that it can communicate 
on your network, or if you are not using VLANs, HP recommends that you use 
the Switch Setup screen to quickly configure IP addressing. To do so, do one 
of the following: 


■ 
Enter setup at the CLI Manager level prompt. 


HPswitch# setup
 


■ 
Select 8. Run Setup in the Main Menu of the menu interface. 


For more on using the Switch Setup screen, see the Installation and Getting 
Started Guide you received with the switch. 


IP Addressing with Multiple VLANs 


In the factory-default configuration, the switch has one, permanent default 
VLAN (named DEFAULT_VLAN) that includes all ports on the switch. Thus, 
when only the default VLAN exists in the switch, if you assign an IP address 
and subnet mask to the switch, you are actually assigning the IP addressing 
to the DEFAULT_VLAN. 


Not e s 
■	 
If multiple VLANs are configured, then each VLAN can have its own IP 
address. This is because each VLAN operates as a separate broadcast 
domain and requires a unique IP address and subnet mask. A default 
gateway (IP) address for the switch is optional, but recommended. 


■	 
In the factory-default configuration, the default VLAN (named 
DEFAULT_VLAN) is the switch’s primary VLAN. The switch uses the 
primary VLAN for learning the default gateway address, (packet) Time- 
To-Live (TTL), and Timep via DHCP or Bootp. (Other VLANs can also use 
DHCP or BootP to acquire IP addressing. However, the switch’s gateway, 
TTL, and TimeP values will be acquired through the primary VLAN only.) 
For more on VLANs, refer to “Port-Based Virtual LANs (Static VLANs)” 
on page 12-3. 
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■ 
The IP addressing used in the switch should be compatible with your 
network. That is, the IP address must be unique and the subnet mask must 
be appropriate for your IP network. 


■	 
If you plan to connect to other networks that use globally administered 
IP addresses, refer to “Globally Assigned IP Network Addresses” on page 
8-20. 


■	 
If you change the IP address through either Telnet access or the web 
browser interface, the connection to the switch will be lost. You can 
reconnect by either restarting Telnet with the new IP address or entering 
the new address as the URL in your web browser. 


IP Addressing in a Stacking Environment 


If you are installing the switch into an HP ProCurve stack management 
environment, entering an IP address may not be required. See appendix 15, 
"HP ProCurve Stack Management" for more information. 


Menu: Configuring IP Address, Gateway, and Time-To- 
Live (TTL) 


Do one of the following: 


■	 
To manually enter an IP address, subnet mask, set the IP Config parameter 
to Manual and then manually enter the IP address and subnet mask values 
you want for the switch. 


■	 
To use DHCP or Bootp, use the menu interface to ensure that the IP Config 
parameter is set to DHCP/Bootp, then refer to “DHCP/Bootp Operation” on 
page 8-12. 


To Configure IP Addressing. 


1. 
From the Main Menu, Select. 


2. Switch Configuration ... 


5. IP Configuration 


Not e	 
If multiple VLANs are configured, a screen showing all VLANs appears instead 
of the following screen. 
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For descriptions of these 
parameters, see the 
online Help for this 
screen. 


Before using the DHCP/ 
Bootp option, refer to 
“DHCP/Bootp 
Operation” on page 8-12. 


Figure 8-1. 	Example of the IP Service Configuration Screen without Multiple 
VLANs Configured 


2. 
Press [E] (for Edit). 


3.	 
If the switch needs to access a router, for example, to reach off-subnet 
destinations, select the Default Gateway field and enter the IP address of 
the gateway router. 


4.	 
If you need to change the packet Time-To-Live (TTL) setting, select Default 
TTL and type in a value between 2 and 255 (seconds). 


5. 
To configure IP addressing, select IP Config and do one of the following: 


•	 
If you want to have the switch retrieve its IP configuration from a 
DHCP or Bootp server, at the IP Config field, keep the value as DHCP/ 
Bootp and go to step 8. 


•	 
If you want to manually configure the IP information, use the Space 
bar to select Manual and use the [Tab] key to move to the other IP 
configuration fields. 


6. 
Select the IP Address field and enter the IP address for the switch. 


7. 
Select the Subnet Mask field and enter the subnet mask for the IP address. 


8. 
Press [Enter], then [S] (for Save). 
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CLI: Configuring IP Address, Gateway, and Time-To- 
Live (TTL) 


IP Commands Used in This Section 


show ip 
page 8-7 


vlan <vlan-id> ip 
page 8-8 


address 


ip default-gateway 
page 8-11 


ip ttl 
page 8-11 


Viewing the Current IP Configuration. The following command displays 
the IP addressing for each VLAN configured in the switch. If only the 
DEFAULT_VLAN exists, then its IP configuration applies to all ports in the 
switch. Where multiple VLANs are configured, the IP addressing is listed per 
VLAN. The display includes switch-wide packet time-to-live, and (if config­ 
ured) the switch’s default gateway and Timep configuration. 


Syntax: 
show ip 


For example, in the factory-default configuration (no IP addressing assigned), 
the switch’s IP addressing appears as: 


Figure 8-2. Example of the Switch’s Default IP Addressing 


With multiple VLANs and some other features configured, show ip provides 
additional information: 
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Figure 8-3. Example of Show IP Listing with Non-Default IP Addressing Configured 


Configure an IP Address and Subnet Mask. The following command 
includes both the IP address and the subnet mask. You must either include the 
ID of the VLAN for which you are configuring IP addressing or go to the 
context configuration level for that VLAN. (If you are not using VLANs on the 
switch—that is, if the only VLAN is the default VLAN—then the VLAN ID is 
always “1”.) 


Not e	 
The default IP address setting for the DEFAULT_VLAN is DHCP/Bootp. On 
additional VLANs you create, the default IP address setting is Disabled. 


Syntax:	 
vlan <vlan-id> ip address <ip-address/mask-length> 
— or — 
vlan <vlan-id> ip address <ip-address> <mask-bits> 
— or — 
vlan <vlan-id> ip address dhcp-bootp 


This example configures IP addressing on the default VLAN with the subnet 
mask specified in mask bits. 


HPswitch(config)# vlan 1 ip address 10.28.227.103/255.255.255.0 


This example configures the same IP addressing as the preceding example, 
but specifies the subnet mask by mask length. 


HPswitch(config)# vlan 1 ip address 10.28.227.103/24 
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Configure Multiple IP Addresses on a VLAN (Multinetting). You can 
configure one primary IP address per VLAN and up to seven secondary IP 
addresses for the same VLAN. That is, the switch enables you to assign up to 
eight networks to a VLAN. 


■ 
Each IP address on a VLAN must be for a separate subnet. 


■	 
The switch assigns the first IP address manually configured on a VLAN as 
the primary IP address. The switch then assigns any subsequent IP 
addresses (for other subnets) manually configured on the VLAN as sec­ 
ondary addresses. 


■	 
If the primary IP address on a VLAN is configured for DHCP-Bootp, the 
switch does not accept secondary IP addresses on that VLAN. (DHCP 
operates only to provide primary IP addressing, and is not used for 
providing secondary IP addressing.) 


■	 
The switch allows up to 512 secondary subnet address assignments to 
VLANs. 


Syntax:	 
[ no ] vlan <vlan-id> ip address <ip-address/mask-length> 
[ no ] vlan <vlan-id> ip address <ip-address> <mask-bits> 


For example, if you wanted to multinet VLAN_20 (VID = 20) with its primary 
IP address and two secondary IP addresses shown below, you would perform 
steps similar to the following. (For this example, assume that the primary IP 
addressing is already configured.) 


Status 
VID 
IP Address 
Subnet Mask 


Primary 
20 
10.25.33.101 
255.255.240.0 


Secondary 
20 
10.26.33.101 
255.255.240.0 


Secondary 
20 
10.27.33.101 
255.255.240.0 


1. Go to VLAN 20. 
2. Configure two secondary 
IP addresses on VLAN 
20. 
3. Display IP addressing. 


Note: A VLAN’s secondary IP 
entries are listed below the 
VLAN’s name and primary IP 
address. 


In a show ip listing, the first IP 
address listed for a VLAN is always 
that VLAN’s primary IP address. 


Figure 8-4. Example of Configuring and Displaying a Multinetted VLAN 
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If you then wanted to multinet the default VLAN, you would do the following: 


The secondary IP 
addresses in a VLAN 
are listed 
immediately after the 
primary IP address 
for the VLAN. 


Figure 8-5. Example of Multinetting on the Default VLAN 


Not e	 
The Internet (IP) Service screen in the Menu interface (figure 8-1 on page 8-6) 
displays only the primary IP address for each VLAN. You must use the CLI 
show ip command to display the full IP address listing for multinetted VLANs. 


Removing or Replacing IP Addresses in a Subnetted VLAN. To 
remove an IP address from a subnetted VLAN, use the “no” form of the IP 
address command shown on page 8-9. Generally, to replace one IP address 
with another, you should first remove the address you want to replace, and 
then enter the new address. However, in a subnetted VLAN, if you remove the 
primary IP address from a VLAN, the next sequential secondary IP address 
becomes the primary address. If you later re-enter the former primary IP 
address, the switch configures it as a secondary address. Thus, if you need to 
change the primary IP address in a subnetted VLAN, you must remove the 
secondary IP addresses configured for that VLAN before you replace the 
primary address. 
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Configure the Optional Default Gateway. Using the Global configura­ 
tion level, you can assign one default gateway to the switch. 


Syntax: ip default-gateway <ip-address> 


For example: 


HPswitch(config)# ip default-gateway 10.28.227.115
 


Configure Time-To-Live (TTL). Use this command at the Global config 
prompt to set the time that a packet outbound from the switch can exist on 
the network. The default setting is 64 seconds. 


Syntax: 
ip ttl <number-of-seconds> 


HPswitch(config)# ip ttl 60
 


In the CLI, you can execute this command only from the global configuration 
level. The TTL range is 2 - 255 seconds. 


Web: Configuring IP Addressing 


You can use the web browser interface to access IP addressing only if the 
switch already has an IP address that is reachable through your network. 


1. 
Click on the Configuration tab. 


2. 
Click on [IP Configuration]. 


3.	 
If you need further information on using the web browser interface, click 
on [?] to access the web-based help available for the Switch 2512/2524. 


How IP Addressing Affects Switch Operation 


Without an IP address and subnet mask compatible with your network, the 
switch can be managed only through a direct terminal device connection to 
the Console RS-232 port. You can use direct-connect console access to take 
advantage of features that do not depend on IP addressing. However, to realize 
the full performance capabilities HP proactive networking offers through the 
switch, configure the switch with an IP address and subnet mask compatible 
with your network. The following table lists the general features available with 
and without a network-compatible IP address configured. 
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Table 8-1. 
Features Available With and Without IP Addressing on the Switch 


Features Available Without an IP Address 
Additional Features Available with an IP Address and 
Subnet Mask 


• Direct-connect access to the CLI and the menu interface. 
• Stacking Candidate or Stack Member 
•
 DHCP or Bootp support for automatic IP address 
configuration, and DHCP support for automatic Timep 
server IP address configuration 


• Spanning Tree Protocol 
• Port settings and port trunking 
•
 Console-based status and counters information for 
monitoring switch operation and diagnosing problems 
through the CLI or menu interface. 


• VLANs and GVRP 
•
 Serial downloads of operating system (OS) updates and 
configuration files (Xmodem) 


• 
Link 
test 


• Port monitoring 
• Password authentication 
• Authorized IP manager security 


•
 HP web browser interface access, with configuration, 
security, and diagnostic tools, plus the Alert Log for 
discovering problems detected in the switch along with 
suggested solutions 


•
 SNMP network management access such as HP 
TopTools network configuration, monitoring, problem- 
finding and reporting, analysis, and recommendations for 
changes to increase control and uptime 
Note: Although TopTools recognizes the Switch 2626 as 
an SNMP device, customized device management is not 
supported for the Switch 2626 in HP TopTools for hubs 
and switches. 


• TACACS+, RADIUS, SSH, SSL, and 802.1X authentication 
• CDP support 
• Stacking Commander* 
• Telnet access to the CLI or the menu interface 
• 
IGMP 


• Timep server configuration 
• TFTP download of configurations and OS updates 
• 
Ping 
test 


*Although a Commander can operate without an IP address, doing so makes it unavailable for in-band access in an IP 
network. 


DHCP/Bootp Operation 


Overview. DHCP/Bootp is used to provide configuration data from a DHCP 
or Bootp server to the switch. This data can be the IP address, subnet mask, 
default gateway, Timep Server address, and TFTP server address. If a TFTP 
server address is provided, this allows the switch to TFTP a previously saved 
configuration file from the TFTP server to the switch. With either DHCP or 
Bootp, the servers must be configured prior to the switch being connected to 
the network. 


Not e 
The switch is compatible with both DHCP and Bootp servers. 


The DHCP/Bootp Process. Whenever the IP Config parameter in the switch 
or in an individual VLAN in the switch is configured to DHCP/Bootp (the 
default), or when the switch is rebooted with this configuration: 
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1.	 
DHCP/Bootp requests are automatically broadcast on the local network. 
(The switch sends one type of request to which either a DHCP or Bootp 
server can respond.) 


2.	 
When a DHCP or Bootp server receives the request, it replies with a 
previously configured IP address and subnet mask for the switch. The 
switch also receives an IP Gateway address if the server has been config­ 
ured to provide one. In the case of Bootp, the server must first be 
configured with an entry that has the MAC address of the switch. (To 
determine the switch’s MAC address, see appendix D, "MAC Address 
Management". The switch properly handles replies from either type of 
server. If multiple replies are returned, the switch tries to use the first 
reply.) 


Not e	 
If you manually configure a gateway on the switch, it will ignore any gateway 
address received via DHCP or Bootp. 


If the switch is initially configured for DHCP/Bootp operation (the default), 
or if it is rebooted with this configuration, it immediately begins sending 
request packets on the network. If the switch does not receive a reply to its 
DHCP/Bootp requests, it continues to periodically send request packets, but 
with decreasing frequency. Thus, if a DHCP or Bootp server is not available 
or accessible to the switch when DHCP/Bootp is first configured, the switch 
may not immediately receive the desired configuration. After verifying that 
the server has become accessible to the switch, reboot the switch to re-start 
the process immediately. 


DHCP Operation. Depending on how the DHCP server is configured, the 
switch may receive an ip address that is temporarily leased. Periodically the 
switch may be required to renew its lease of the IP configuration. Thus, the IP 
addressing provided by the server may be different each time the switch 
reboots or renews its configuration from the server. However, you can fix the 
address assignment for the switch by doing either of the following: 


■ 
Configure the server to issue an “infinite” lease. 


■	 
Using the switch’s MAC address as an identifier, configure the server with 
a “Reservation” so that it will always assign the same IP address to the 
switch. (For MAC address information, refer to appendix D, "MAC 
Address Management".) 


For more information on either of these procedures, refer to the documenta­ 
tion provided with the DHCP server. 
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Bootp Operation. When a Bootp server receives a request it searches its 
Bootp database for a record entry that matches the MAC address in the Bootp 
request from the switch. If a match is found, the configuration data in the 
associated database record is returned to the switch. For many Unix systems, 
the Bootp database is contained in the /etc/bootptab file. In contrast to DHCP 
operation, Bootp configurations are always the same for a specific receiving 
device. That is, the Bootp server replies to a request with a configuration 
previously stored in the server and designated for the requesting device. 


Bootp Database Record Entries. A minimal entry in the Bootp table file 
/etc/bootptab to update an IP address and subnet mask to the switch or a VLAN 
configured in the switch would be similar to this entry: 


j4108switch:\ 
ht=ether:\ 
ha=0030c1123456:\ 
ip=10.66.77.88:\ 
sm=255.255.248.0:\ 
gw=10.66.77.1:\ 
hn:\ 
vm=rfc1048 


An entry in the Bootp table file /etc/bootptab to tell the switch or VLAN 
where to obtain a configuration file download would be similar to this entry: 


j4108switch:\ 
ht=ether:\ 
ha=0030c1123456:\ 
ip=10.66.77.88:\ 
sm=255.255.248.0:\ 
gw=10.66.77.1:\ 
lg=10.22.33.44:\ 
T144=”switch.cfg”:\ 
vm=rfc1048 


where: 


j4108switch
 is a user-defined symbolic name to help you find the correct section of the 
bootptab file. If you have multiple switches that will be using Bootp to get their 
IP configuration, you should use a unique symbolic name for each switch. 


ht
 
is the “hardware type”. For the switches covered in this guide, set this to ether 
(for Ethernet). This tag must precede the ha tag. 


ha 
is the “hardware address”. Use the switch's (or VLAN's) 12-digit MAC address. 


ip 
is the IP address to be assigned to the switch (or VLAN). 


sm 
is the subnet mask of the subnet in which the switch (or VLAN) is installed. 


gw 
is the IP address of the default gateway. 
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lg 
TFTP server address (source of final configuration file) 


T144 
is the vendor-specific “tag” identifying the configuration file to download. 


vm
 
is a required entry that specifies the Bootp report format. For the switches 
described in this guide, set this parameter to rfc1048. 


Not e	 
The above Bootp table entry is a sample that will work for the switch when 
the appropriate addresses and file names are used. 


Network Preparations for Configuring DHCP/Bootp 


In its default configuration, the switch is configured for DHCP/Bootp opera­ 
tion. However, the DHCP/Bootp feature will not acquire IP addressing for the 
switch unless the following tasks have already been completed: 


■ 
For Bootp operation: 


•	 
A Bootp database record has already been entered into an appropriate 
Bootp server. 


• 
The necessary network connections are in place 


• 
The Bootp server is accessible from the switch 


■ 
For DHCP operation: 


• 
A DHCP scope has been configured on the appropriate DHCP server. 


• 
The necessary network connections are in place 


• 
A DHCP server is accessible from the switch 


Not e	 
Designating a primary VLAN other than the default VLAN affects the switch’s 
use of information received via DHCP/Bootp. For more on this topic, see “The 
Primary VLAN” on page 12-6. 


After you reconfigure or reboot the switch with DHCP/Bootp enabled in a 
network providing DHCP/Bootp service, the switch does the following: 


■	 
Receives an IP address and subnet mask and, if configured in the server, 
a gateway IP address and the address of a Timep server. 


■	 
If the DHCP/Bootp reply provides information for downloading a config­ 
uration file, the switch uses TFTPto download the file from the designated 
source, then reboots itself. (This assumes that the switch or VLAN has 
connectivity to the TFTP file server specified in the reply, that the config­ 
uration file is correctly named, and that the configuration file exists in the 
TFTP directory.) 
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IP Preserve: Retaining VLAN-1 IP 
Addressing Across Configuration File 
Downloads 


IP Preserve enables you to copy a configuration file to multiple switches that 
use the same operating-system software while retaining the individual IP 
address and subnet mask on VLAN 1 in each switch, and the Gateway IP 
address assigned to the switch. This enables you to distribute the same 
configuration file to multiple switches without overwriting their individual IP 
addresses. 


Operating Rules for IP Preserve 


When ip preserve is entered as the last line in a configuration file stored on a 
TFTP server: 


■	 
If the switch’s current IP address for VLAN 1 was not configured by DHCP/ 
Bootp, IP Preserve retains the switch’s current IP address, subnet mask, 
and IP gateway address when the switch downloads the file and reboots. 
The switch adopts all other configuration parameters in the configuration 
file into the startup-config file. 


■	 
If the switch’s current IP addressing for VLAN 1 is from a DHCP server, 
IP Preserve is suspended. In this case, whatever IP addressing the config­ 
uration file specifies is implemented when the switch downloads the file 
and reboots. If the file includes DHCP/Bootp as the IP addressing source 
for VLAN 1, the switch will configure itself accordingly and use DHCP/ 
Bootp. If instead, the file includes a dedicated IP address and subnet mask 
for VLAN 1 and a specific gateway IP address, then the switch will 
implement these settings in the startup-config file. 


■	 
The ip preserve statement does not appear in show config listings. To verify 
IP Preserve in a configuration file, open the file in a text editor and view 
the last line. For an example of implementing IP Preserve in a configura­ 
tion file, see figure 8-6, below. 


To set up IP Preserve, enter the ip preserve statement at the end of a configu­ 
ration file. (Note that you do not execute IP Preserve by entering a command 
from the CLI). 
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Entering "ip preserve" in the last line of a configuration 
file implements IP Preserve when the file is 
downloaded to the switch and the switch reboots. 


Figure 8-6. Example of Implementing IP Preserve in a Switch Configuration File 


For example, consider Figure 8-7: 


Switch 4 


VLAN 1: DHCP 


Switch 3 


VLAN 1: 
10.31.22.103 


Switch 1 


VLAN 1: 
10.31.22.101 


DHCP 
Server 


Switch 2 


VLAN 1: 
10.31.22.102 


config. 
IP 
Address 


Switches 1 through 3 copy and implement the config.txt file 
from the TFTP server (figure 8-8), but retain their current IP 


Switch 4 also copies and implements the 
config.txt file from the TFTP server (figure 8-8), but 
acquires new IP addressing from the DHCP 


TFTP 
Server 


Management 
Station 


Figure 8-7. Example of IP Preserve Operation with Multiple Switches Using the Same OS Software 


If you apply the following configuration file to figure 8-7, switches 1 - 3 will 
retain their manually assigned IP addressing and switch 4 will be configured 
to acquire its IP addressing from a DHCP server. 
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Using figure 8-7, above, switches 1 - 3 ignore these 
entries because the file implements IP Preserve and 
their current IP addressing was not acquired through 
DHCP/Bootp. 


Switch 4 ignores IP Preserve and implements the 
DHCP/Bootp addressing and IP Gateway specified in 
this file (because its last IP addressing was acquired 
from a DHCP/Bootp server). 
IP Preserve Command 


Figure 8-8. Configuration File in TFTP Server, with DHCP/Bootp Specified as the IP Addressing Source 


If you apply this configuration file to figure 8-7, switches 1 - 3 will still retain 
their manually assigned IP addressing. However, switch 4 will be configured 
with the IP addressing included in the file. 


8-18 


Configuring IP Addressing 
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Because switch 4 (figure 8-7) received 
its most recent IP addressing from a 
DHCP/Bootp server, the switch 
ignores the ip preserve command and 
implements the IP addressing 
included in this file. 


Figure 8-9. Configuration File in TFTP Server, with Dedicated IP Addressing Instead of DHCP/Bootp 


To summarize the IP Preserve effect on IP addressing: 


■	 
If the switch received its most recent VLAN 1 IP addressing from a DHCP/ 
Bootp server, it ignores the IP Preserve command when it downloads the 
configuration file, and implements whatever IP addressing instructions 
are in the configuration file. 


■	 
If the switch did not receive its most recent VLAN 1 IP addressing from a 
DHCP/Bootp server, it retains its current IP addressing when it downloads 
the configuration file. 


■	 
The content of the downloaded configuration file determines the IP 
addresses and subnet masks for other VLANs. 
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Globally Assigned IP Network Addresses 


If you intend to connect your network to other networks that use globally 
administered IP addresses, Hewlett-Packard strongly recommends that you 
use IP addresses that have a network address assigned to you. There is a 
formal process for assigning unique IP addresses to networks worldwide. For 
more information: 


Please contact your internet service provider (ISP). 


If you need more information than your ISP can provide, contact one of the 
following organizations: 


Country 
Phone Number/E-Mail/URL Organization Name/Address 


United States/ 
Countries not in 
Europe or Asia/Pacific 


1-310-823-9358 
icann@icann.org 
http://www.icann.org 


The Internet Corporation for Assigned 
Names and Numbers (ICANN) 
4676 Admiralty Way, Suite 330 
Marina Del Rey, CA 90292 
USA 


Europe 
+31 20 535 4444 
ncc@ripe.net 
http://www.ripe.net 


RIPE NCC 
Singel 258 
1016 AB Amsterdam 
The Netherlands 


Asia/Pacific 
+61-7-3367-0490 
info@apnic.net 
http://www.apnic.net 


Attention: IN-ADDR.ARPA Registration 
Asia Pacific Network Information Center 
Level 1, 33 Park Road 
PO Box 2131 
Milton, QLD 4064 
Australia 


For more information, refer to the latest edition of Internetworking with TCP/ 
IP: Principles, Protocols and Architecture by Douglas E. Comer (Prentice- 
Hall, Inc., publisher). 
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Overview 


This chapter describes: 


■ 
SNTP Time Protocol Operation 


■ 
Timep Time Protocol Operation 


Using time synchronization ensures a uniform time among inter operating 
devices. This helps you to manage and troubleshoot switch operation by 
attaching meaningful time data to event and error messages. 


The switch offers TimeP and SNTP (Simple Network Time Protocol) and a 
timesync command for changing the time protocol selection (or turning off 
time protocol operation). 


Notes 


■	 
Although you can create and save configurations for both time proto­ 
cols without conflicts, the switch allows only one active time protocol 
at any time. 


■	 
In the factory-default configuration, the time synchronization option 
is set to TimeP, with the TimeP mode itself set to Disabled. 


TimeP Time Synchronization 


You can either manually assign the switch to use a TimeP server or use DHCP 
to assign the TimeP server. In either case, the switch can get its time synchro­ 
nization updates from only one, designated Timep server. This option 
enhances security by specifying which time server to use. 


SNTP Time Synchronization 


SNTP provides two operating modes: 


■	 
Broadcast Mode: The switch acquires time updates by accepting the 
time value from the first SNTP time broadcast detected. (In this case, 
the SNTP server must be configured to broadcast time updates to the 
network broadcast address. Refer to the documentation provided 
with your SNTP server application.) Once the switch detects a partic- 
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ular server, it ignores time broadcasts from other SNTP servers unless 
the configurable Poll Interval expires three consecutive times without 
an update received from the first-detected server. 


Note 
To use Broadcast mode, the switch and the SNTP server must be in the 
same subnet. 


■	 
Unicast Mode: The switch requests a time update from the config­ 
ured SNTP server. (You can configure one server using the menu 
interface, or up to three servers using the CLI sntp server command.) 
This option provides increased security over the Broadcast mode by 
specifying which time server to use instead of using the first one 
detected through a broadcast. 


Overview: Selecting a Time 
Synchronization Protocol or Turning Off 
Time Protocol Operation 


General Steps for Running a Time Protocol on the Switch: 


1. Select the time synchronization protocol: SNTP or TimeP (the default). 


2. Enable the protocol. The choices are: 


• 
SNTP: Broadcast or Unicast 


• 
TimeP: DHCP or Manual 


3. Configure the remaining parameters for the time protocol you selected. 


The switch retains the parameter settings for both time protocols even if 
you change from one protocol to the other. Thus, if you select a time 
protocol, the switch uses the parameters you last configured for the 
selected protocol. 
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Note that simply selecting a time synchronization protocol does not enable 
that protocol on the switch unless you also enable the protocol itself (step 2, 
above). For example, in the factory-default configuration, TimeP is the 
selected time synchronization method. However, because TimeP is disabled 
in the factory-default configuration, no time synchronization protocol is 
running. 


Disabling Time Synchronization 


You can use either of the following methods to disable time synchronization 
without changing the Timep or SNTP configuration: 


■	 
In the System Information screen of the Menu interface, set the Time 
Synch Method parameter to None, then press [Enter], then [S] (for Save). 


■ 
In the Global config level of the CLI, execute no timesync. 


SNTP: Viewing, Selecting, and 
Configuring 


SNTP Feature 
Default 
Menu 
CLI 
Web 


view the SNTP time synchronization configuration 
n/a 
page 9-5 
page 9-8 
— 


select SNTP as the time synchronization method 
timep 
page 9-6 
page 9-9 ff. 
— 


disable time synchronization 
timep 
page 9-6 
page 9-12 
— 


enable the SNTP mode (Broadcast, Unicast, or Disabled) 
disabled 
— 


broadcast 
n/a 
page 9-6 
page 9-9 
— 


unicast 
n/a 
page 9-6 
page 9-10 
— 


none/disabled 
n/a 
page 9-6 
page 9-13 
— 


configure an SNTP server address (for Unicast mode only) none 
page 9-6 
page 9-10 ff. 
— 


change the SNTP server version (for Unicast mode only) 
3 
page 9-7 
page 9-12 
— 


change the SNTP poll interval 
720 seconds 
page 9-7 
page 9-12 
— 
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Table 9-1.SNTP Parameters 


SNTP Parameter Operation 


Time Sync 
Method 


Used to select either SNTP, TIMEP, or None as the time synchronization method. 


SNTP Mode 


Disabled	 
The Default. SNTP does not operate, even if specified by the Menu interface Time Sync Method 
parameter or the CLI timesync command. 


Unicast	 
Directs the switch to poll a specific server forSNTPtime synchronization. Requires at least one server 
address. 


Broadcast	 
Directs the switch to acquire its time synchronization from data broadcast by any SNTP server to the 
network broadcast address. The switch uses the first server detected and ignores any others. 
However, if the Poll Interval expires three times without the switch detecting a time update from the 
original server, it the switch accepts a broadcast time update from the next server it detects. 


Poll Interval 
(seconds) 


In Unicast Mode: Specifies how often the switch polls the designated SNTP server for a time update. 
In Broadcast Mode: Specifies how often the switch polls the network broadcast address for a time 
update. 


Server Address	 
Used only when the SNTP Mode is set to Unicast. Specifies the IP address of the SNTP server that 
the switch accesses for time synchronization updates. You can configure up to three servers; one 
using the menu or CLI, and two more using the CLI. See “SNTP Unicast Time Polling with Multiple 
SNTP Servers” on page 9-21. 


Server Version	 
Default: 3; range: 1 - 7. Specifies the SNTP software version to use, and is assigned on a per-server 
basis. The version setting is backwards-compatible. For example, using version 3 means that the 
switch accepts versions 1 through 3. 


Menu: Viewing and Configuring SNTP 


To View, Enable, and Modify SNTP Time Protocol: 


1. From the Main Menu, select: 


2. Switch Configuration... 


1. System Information 
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Time Protocol Selection Parameter 
– 
TIMEP 
– 
SNTP 
– None 


Figure 9-1. The System Information Screen (Default Values) 


2. Press [E] (for Edit). The cursor moves to the System Name field. 


3. Use [v] to move the cursor to the Time Sync Method field. 


4.	 Use the Space bar to select SNTP, then press [v] once to display and move 
to the SNTP Mode field. 


5. 
Do one of the following: 


•	 
Use the Space bar to select the Broadcast mode, then press [v] to 
move the cursor to the Poll Interval field, and go to step 6. (For 
Broadcast mode details, see "SNTP Operating Modes" on 
page 9-2.) 


•	 
Use the Space bar to select the Unicast mode, then do the 
following: 


i. 
Press [>] to move the cursor to the Server Address field. 
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ii.	 Enter the IP address of the SNTP server you want the switch to 
use for time synchronization. 


Note: This step replaces any previously configured server IP 
address. If you 
will be using backup SNTP servers (requires use of the CLI), then 
see 
“SNTP Unicast Time Polling with Multiple SNTP Servers” on page
 
9-21.
 


iii. Press [v] to move the cursor to the Server Version field. Enter the 
value that matches the SNTP server version running on the device 
you specified in the preceding step (step ii). If you are unsure 
which version to use, HP recommends leaving this value at the 
default setting of 3 and testing SNTP operation to determine 
whether any change is necessary. 


Note: Using the menu to enter the IP address for an SNTP server 
when the switch already has one or more SNTP servers config­ 
ured causes the switch to delete the primary SNTP server from 
the server list and to select a new primary SNTP server from the 
IP address(es) in the updated list. For more on this topic, see 
“SNTP Unicast Time Polling with Multiple SNTP Servers” on page 
9-21. 


iv. Press [>] to move the cursor to the Poll Interval field, then go to step 


6. 


6.	 In the Poll Interval field, enter the time in seconds that you want for a Poll 
Interval. (For Poll Interval operation, see table 9-1, “SNTP Parameters”, 
on page 9-5.) 


7.	 Press [Enter] to return to the Actions line, then [S] (for Save) to enter the 
new time protocol configuration in both the startup-config and running­ 
config files. 
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CLI: Viewing and Configuring SNTP 


CLI Commands Described in this Section 


show sntp 
page 9-8 


[no] timesync 
pages 9-9 and ff., 9-12
 


sntp broadcast 
page 9-9
 


sntp unicast 
page 9-10
 


sntp server 
pages 9-10 and ff.
 


Protocol Version 
page 9-12 


poll-interval 
page 9-12 


no sntp 
page 9-13 


This section describes how to use the CLI to view, enable, and configure SNTP 
parameters. 


Viewing the Current SNTP Configuration 


This command lists both the time synchronization method (TimeP, SNTP, or 
None) and the SNTP configuration, even if SNTP is not the selected time 
protocol. 


Syntax: 
show sntp 


For example, if you configured the switch with SNTP as the time synchroni­ 
zation method, then enabled SNTP in broadcast mode with the default poll 
interval, show sntp lists the following: 


Figure 9-2. Example of SNTP Configuration When SNTP Is the Selected Time 
Synchronization Method 


In the factory-default configuration (where TimeP is the selected time 
synchronization method), show sntp still lists the SNTP configuration even 
though it is not currently in use. For example: 
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Even though, in this example, TimeP is the 
current time synchronous method, the 
switch maintains the SNTP configuration. 


Figure 9-3. Example of SNTP Configuration When SNTP Is Not the Selected Time Synchronization Method 


Configuring (Enabling or Disabling) the SNTP Mode 


Enabling the SNTP mode means to configure it for either broadcast or unicast 
mode. Remember that to run SNTP as the switch’s time synchronization 
protocol, you must also select SNTP as the time synchronization method by 
using the CLI timesync command (or the Menu interface Time Sync Method 
parameter). 


Syntax: 
timesync sntp 
Selects SNTP as the time protocol. 


sntp < broadcast | unicast > 


Enables the SNTP mode (below and page 9-10). 


sntp server < ip-addr > 
Required only for unicast mode (page 9-10). 


sntp poll-interval < 30 . . 720> 


Enabling the SNTP mode also enables the SNTP poll interval 
(default: 720 seconds; page 9-12). 


Enabling SNTP in Broadcast Mode. Because the switch provides an SNTP 
polling interval (default: 720 seconds), you need only these two commands 
for minimal SNTP broadcast configuration: 


Syntax: 
timesync sntp 
Selects SNTP as the time synchronization method. 


sntp broadcast 
Configures Broadcast as the SNTP mode. 


For example, suppose: 


■	 
Time synchronization is in the factory-default configuration (TimeP 
is the currently selected time synchronization method). 


■ 
You want to: 


1. View the current time synchronization. 
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2. Select SNTP as the time synchronization mode. 


3. Enable SNTP for Broadcast mode. 


4. View the SNTP configuration again to verify the configuration. 


The commands and output would appear as follows: 


show sntp displays the SNTP configuration and also shows that 
TimeP is the currently active time synchronization mode. 
1 


2 


3 


show sntp again displays the SNTP configuration and shows that 
SNTP is now the currently active time synchronization mode and is 
configured for broadcast operation. 


4 


4 


Figure 9-4. Example of Enabling SNTP Operation in Broadcast Mode 


Enabling SNTP in Unicast Mode. Like broadcast mode, configuring SNTP 
for unicast mode enables SNTP. However, for Unicast operation, you must 
also specify the IP address of at least one SNTP server. The switch allows up 
to three unicast servers. You can use the Menu interface or the CLI to 
configure one server or to replace an existing Unicast server with another. To 
add a second or third server, you must use the CLI. For more on SNTP 
operation with multiple servers, see “SNTP Unicast Time Polling with Multiple 
SNTP Servers” on page 9-21. 


Syntax: 
timesync sntp 
Selects SNTP as the time synchronization method. 


sntp unicast 
Configures the SNTP mode for Unicast operation. 


sntp server <ip-addr> [version] 
Specifies the SNTP server. The default server version is 3. 


no sntp server < ip-addr > 
Deletes the specified SNTP server. 
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Not e	 
Deleting an SNTP server when only one is configured disables SNTP unicast 
operation. 


For example, to select SNTP and configure it with unicast mode and an SNTP 
server at 10.28.227.141 with the default server version (3) and default poll 
interval (720 seconds): 


HPswitch(config)# timesync sntp 


Selects SNTP. 


HPswitch(config)# sntp unicast 


Activates SNTP in Unicast mode. 


HPswitch(config)# sntp server 10.28.227.141 


Specifies the SNTP server and accepts the current SNTP server 
version (default: 3). 


. 


In this example, the Poll Interval and the Protocol 
Version appear at their default settings. 


Note: Protocol Version appears only when there is an 
IP address configured for an SNTP server. 


Figure 9-5. Example of Configuring SNTP for Unicast Operation 


If the SNTP server you specify uses SNTP version 4 or later, use the sntp server 
command to specify the correct version number. For example, suppose you 
learned that SNTP version 4 was in use on the server you specified above (IP 
address 10.28.227.141). You would use the following commands to delete the 
server IP address and then re-enter it with the correct version number for that 
server: 
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Deletes unicast SNTP server entry. 


Re-enters the unicast server with a non- 
default protocol version. 


show sntp displays the result. 


Figure 9-6. Example of Specifying the SNTP Protocol Version Number 


Changing the SNTP Poll Interval. 


Syntax: 
sntp poll-interval < 30 . . 720 > 
Specifies how long the switch waits between time polling 
intervals. The default is 720 seconds and the range is 30 to 
720 seconds. (This parameter is separate from the poll 
interval parameter used for Timep operation.) 


For example, to change the poll interval to 300 seconds: 


HPswitch(config)# sntp poll-interval 300 


Disabling Time Synchronization Without Changing the SNTP 
Configuration. The recommended method for disabling time synchroniza­ 
tion is to use the timesync command to avoid changing the switch’s SNTP 
configuration. 


Syntax: 
no timesync 
Halts time synchronization without changing the switch’s 
SNTP configuration 


For example, suppose SNTP is running as the switch’s time synchronization 
protocol, with Broadcast as the SNTP mode and the factory-default polling 
interval. You would halt time synchronization with this command: 


HPswitch(config)# no timesync 


If you then viewed the SNTP configuration, you would see the following: 
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Figure 9-7. Example of SNTP with Time Sychronization Disabled 


Disabling the SNTP Mode. If you want to prevent SNTP from being used 
even if selected by timesync (or the Menu interface’s Time Sync Method param­ 
eter), configure the SNTP mode as disabled. 


Syntax: 
no sntp 
Disables SNTP by changing the SNTP mode 
configuration to Disabled. 


For example, if the switch is running SNTP in Unicast mode with an SNTP 
server at 10.28.227.141 and a server version of 3 (the default), no sntp changes 
the SNTP configuration as shown below, and disables time synchronization 
on the switch. 


Even though the Time Sync Mode is set to Sntp, 
time synchronization is disabled because no 
sntp has disabled the SNTP Mode parameter. 


Figure 9-8. Example of Disabling Time Synchronization by Disabling the SNTP Mode 
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TimeP: Viewing, Selecting, and 
Configuring 


TimeP Feature 
Default 
Menu 
CLI 
Web 


view the Timep time synchronization 
configuration 


n/a 
page 9-15 
page 9-17 
— 


select Timep as the time synchronization 
method 


TIMEP 
page 9-13 
pages 9-18 


ff. 


— 


disable time synchronization 
timep 
page 9-15 
page 9-20 
— 


enable the Timep mode 
Disabled 
— 


DHCP 
— 
page 9-15 
page 9-18 
— 


manual 
— 
page 9-16 
page 9-19 
— 


none/disabled 
— 
page 9-15 
page 9-21 
— 


change the SNTP poll interval 
720 minutes 
page 9-16 
page 9-20 
— 


Table 9-2.Timep Parameters 


SNTP Parameter Operation 


Time Sync 
Method 


Used to select either TIMEP (the default), SNTP, or None as the time synchronization method. 


Timep Mode 


Disabled	 
The Default. Timep does not operate, even if specified by the Menu interface Time Sync Method 
parameter or the CLI timesync command. 


DHCP	 
When Timep is selected as the time synchronization method, the switch attempts to acquire a Timep 
server IP address via DHCP. If the switch receives a server address, it polls the server for updates 
according to the Timep poll interval. If the switch does not receive a Timep server IP address, it cannot 
perform time synchronization updates. 


Manual	 
When Timep is selected as the time synchronization method, the switch attempts to poll the specified 
server for updates according to the Timep poll interval. If the switch fails to receive updates from the 
server, time synchronization updates do not occur. 


Server 
Address 


Used only when the TimeP Mode is set to Manual. Specifies the IP address of the TimeP server that 
the switch accesses for time synchronization updates. You can configure one server. 


Poll Interval 
(minutes) 


Default: 720 minutes. Specifies the interval the switch waits between attempts to poll the TimeP server 
for updates. 
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Menu: Viewing and Configuring TimeP 


To View, Enable, and Modify the TimeP Protocol: 


1. From the Main Menu, select: 


2. Switch Configuration... 


1. System Information 


Time Protocol Selection Parameter 
– TIMEP (the default) 
– 
SNTP 
– None 


Figure 9-9. The System Information Screen (Default Values) 


2. Press [E] (for Edit). The cursor moves to the System Name field. 


3. Use [v] to move the cursor to the Time Sync Method field. 


4.	 If TIMEP is not already selected, use the Space bar to select TIMEP, then 
press [v] once to display and move to the TimeP Mode field. 


5. 
Do one of the following: 


•	 
Use the Space bar to select the DHCP mode, then press [v] to move 
the cursor to the Poll Interval field, and go to step 6. 
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• 
Use the Space bar to select the Manual mode. 


i. 
Press [>] to move the cursor to the Server Address field. 


ii.	 Enter the IP address of the TimeP server you want the switch to 
use for time synchronization. 


Note: This step replaces any previously configured TimeP server 
IP address. 


iii. Press [>] to move the cursor to the Poll Interval field, then go to step 


6. 


6.	 In the Poll Interval field, enter the time in minutes that you want for a TimeP 
Poll Interval. 


Press [Enter] to return to the Actions line, then [S] (for Save) to enter the new 
time protocol configuration in both the startup-config and running-config 
files. 


CLI: Viewing and Configuring TimeP 


CLI Commands Described in this Section 


show timep 


[no] timesync 


ip timep 


dhcp 


manual 


server <ip-addr> 


interval 


no ip timep 


page 9-17 


page 9-18 ff., 9-20 


page 9-18 


page 9-19 


page 9-19 


page 9-20 


page 9-21 
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This section describes how to use the CLI to view, enable, and configure TimeP 
parameters. 


Viewing the Current TimeP Configuration 


This command lists both the time synchronization method (TimeP, SNTP, or 
None) and the TimeP configuration, even if SNTP is not the selected time 
protocol. 


Syntax: 
show timep 


For example, if you configure the switch with TimeP as the time synchroniza­ 
tion method, then enable TimeP in DHCP mode with the default poll interval, 
show timep lists the following: 


Figure 9-10. 	Example of TimeP Configuration When TimeP Is the Selected Time 
Synchronization Method 


If SNTP is the selected time synchronization method), show timep still lists the 
TimeP configuration even though it is not currently in use: 


Even though, in this example, SNTP is the 
current time synchronization method, the 
switch maintains the TimeP 
configuration. 


Figure 9-11. Example of SNTP Configuration When SNTP Is Not the Selected Time Synchronization 
Method 
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Configuring (Enabling or Disabling) the TimeP Mode 


Enabling the TimeP mode means to configure it for either broadcast or unicast 
mode. Remember that to run TimeP as the switch’s time synchronization 
protocol, you must also select TimeP as the time synchronization method by 
using the CLI timesync command (or the Menu interface Time Sync Method 
parameter). 


Syntax: 
timesync timep 
Selects TimeP as the time protocol. 


ip timep < dhcp | manual > 


Enables the selected TimeP mode. 


no ip timep 
Disables the TimeP mode. 


no timesync 
Disables the time protocol. 


Enabling TimeP in DHCP Mode. Because the switch provides a TimeP 
polling interval (default: 720 minutes), you need only these two commands for 
a minimal TimeP DHCP configuration: 


Syntax: 
timesync timep 
Selects TimeP as the time synchronization method. 


ip timep dhcp 


Configures DHCP as the TimeP mode. 


For example, suppose: 


■ 
Time synchronization is configured for SNTP. 


■ 
You want to: 


1. View the current time synchronization. 


2. Select TimeP as the time synchronization mode. 


3. Enable TimeP for DHCP mode. 


4. View the TimeP configuration. 
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The commands and output would appear as follows: 


show timep displays the TimeP configuration and also shows 
that SNTP is the currently active time synchronization mode. 


1 


2 


3 


4 


show timep again displays the TimeP configuration and shows that TimeP is 
now the currently active time synchronization mode. 


Figure 9-12. Example of Enabling TimeP Operation in DHCP Mode 


Enabling Timep in Manual Mode. LikeDHCP mode, configuring TimeP for 
Manual mode enables TimeP. However, for manual operation, you must also 
specify the IP address of the TimeP server. (The switch allows only one TimeP 
server.) To enable the TimeP protocol: 


Syntax: 
timesync timep 
Selects Timep. 


ip timep manual <ip-addr> 


Activates TimeP in Manual mode with a specified TimeP 
server. 


no ip timep 
Disables TimeP. 


Note 
To change from one TimeP server to another, you must (1) use the no ip timep 
command to disable TimeP mode, and then reconfigure TimeP in Manual 
mode with the new server IP address. 


For example, to select TimeP and configure it for manual operation using a 
TimeP server address of 10.28.227.141 and the default poll interval (720 
minutes, assuming the TimeP poll interval is already set to the default): 
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HPswitch(config)# timesync timep
 


Selects TimeP. 


HPswitch(config)# ip timep manual 10.28.227.141
 


Activates TimeP in Manual mode. 


Figure 9-13. Example of Configuring Timep for Manual Operation 


Changing the TimeP Poll Interval. This command lets you specify how 
long the switch waits between time polling intervals. The default is 720 
minutes and the range is 1 to 9999 minutes. (This parameter is separate from 
the poll interval parameter used for SNTP operation.) 


Syntax:	 
ip timep dhcp interval < 1 . . 9999 > 
ip timep manual interval < 1 . . 9999 > 


For example, to change the poll interval to 60 minutes: 


HPswitch(config)# ip timep interval 60
 


Disabling Time Synchronization Without Changing the TimeP 
Configuration. The recommended method for disabling time synchroniza­ 
tion is to use the timesync command. This halts time synchronization without 
changing your TimeP configuration. 


Syntax: 
no timesync 


For example, suppose TimeP is running as the switch’s time synchronization 
protocol, with DHCP as the TimeP mode, and the factory-default polling 
interval. You would halt time synchronization with this command: 


HPswitch(config)# no timesync
 


If you then viewed the TimeP configuration, you would see the following: 
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Figure 9-14. Example of TimeP with Time Sychronization Disabled 


Disabling the TimeP Mode. Disabling the TimeP mode means to configure 
it as disabled. (Disabling TimeP prevents the switch from using it as the time 
synchronization protocol, even if it is the selected Time Sync Method option.) 


Syntax: 
no ip timep 
Disables TimeP by changing the TimeP mode 
configuration to Disabled. 


For example, if the switch is running TimeP in DHCP mode, no ip timep changes 
the TimeP configuration as shown below, and disables time synchronization 
on the switch. 


Even though the Time Sync Mode is set to Timep, 
time synchronization is disabled because no ip 
timep has disabled the TimeP Mode parameter. 


Figure 9-15. Example of Disabling Time Synchronization by Disabling the TimedP 
Mode Parameter 


SNTP Unicast Time Polling with Multiple 
SNTP Servers 


When running SNTP unicast time polling as the time synchronization method, 
the switch requests a time update from the server you configured with either 
the Server Address parameter in the menu interface, or the primary server in 
a list of up to three SNTP servers configured using the CLI. If the switch does 
not receive a response from the primary server after three consecutive polling 
intervals, the switch tries the next server (if any) in the list. If the switch tries 
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all servers in the list without success, it sends an error message to the Event 
Log and reschedules to try the address list again after the configured Poll Interval 
time has expired. 


Address Prioritization 


If you use the CLI to configure multiple SNTP servers, the switch prioritizes 
them according to the decimal values of their IP addresses. That is, the switch 
compares the decimal value of the octets in the addresses and orders them 
accordingly, with the lowest decimal value assigned as the primary address, 
the second-lowest decimal value assigned as the next address, and the third- 
lowest decimal value as the last address. If the first octet is the same between 
two of the addresses, the second octet is compared, and so on. For example: 


SNTP Server 
IP Address 


Server Ranking According to 
Decimal Value of IP Address 


10.28.227.141 
Primary 


10.28.227.153 
Secondary 


10.29.227.100 
Tertiary 


Adding and Deleting SNTP Server Addresses 


Adding Addresses. As mentioned earlier, you can configure one SNTP 
server address using either the Menu interface or the CLI. To configure a 
second and third address, you must use the CLI. For example, suppose you 
have already configured the primary address in the above table 
(10.28.227.141). To configure the remaining two addresses, you would do the 
following: 
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Prioritized list of SNTP 
Server IP Addresses 


Figure 9-16. Example of SNTP Server Address Prioritization 


Note 
If there are already three SNTP server addresses configured on the switch, 
and you want to use the CLI to replace one of the existing addresses with a 
new one, you must delete the unwanted address before you configure the new 
one. 


Deleting Addresses. To delete an address, you must use the CLI. If there are 
multiple addresses and you delete one of them, the switch re-orders the 
address priority. (See “Address Prioritization” on page 9-22.) 


Syntax: 
no sntp server <ip-addr> 


For example, to delete the primary address in the above example (and 
automatically convert the secondary address to primary): 


HPswitch(config)# no sntp server 10.28.227.141
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Menu Interface Operation with Multiple SNTP Server Addresses 
Configured 


When you use the Menu interface to configure an SNTP server IP address, the 
new address writes over the current primary address, if one is configured. If 
there are multiple addresses configured, the switch re-orders the addresses 
according to the criteria described under “Address Prioritization” on page 9- 
22. For example, suppose the switch already has the following three SNTP 
server IP addresses configured. 


■ 
10.28.227.141 (primary) 


■ 
10.28.227.153 (secondary) 


■ 
10.29.227.100 (tertiary) 


If you use the Menu interface to add 10.28.227.160, the new prioritized list will 
be: 


New Address List 
Address Status 


10.28.227.153	 
New Primary (The former primary, 10.28.227.141 was deleted when 
you used the menu to add 10.28.227.160.) 


10.28.227.160 
New Secondary 


10.29.227.100 
Same Tertiary (This address still has the highest decimal value.) 


SNTP Messages in the Event Log 


If an SNTP time change of more than three seconds occurs, the switch’s event 
log records the change. SNTP time changes of less than three seconds do not 
appear in the Event Log. 
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Overview 


This chapter includes: 


■ 
Configuring ports to non-default settings (page 10-2) 


These settings include enable/disable, mode (speed and duplex), flow 
control, port-trunk group, and port-trunk type. You can also set a 
broadcast limit that applies to all ports on the switch. 


■ 
Port aggregation: Creating and modifying a port trunk group (page 10-10) 


You can configure static and dynamic trunks. Includes non-protocol 
trunks, LACP (802.3ad) trunks, and FEC trunks. 


■ 
Configuring port-based priority for incoming packets (page 10-34) 


This feature enables you to prioritize inbound traffic that either 
carries an 802.1Q VLAN tag with a priority of 0 (zero) or is not a tagged 
VLAN packet. 


Viewing Port Status and Configuring Port 
Parameters 


Port Status and Configuration Features 


Feature 
Default 
Menu 
CLI 
Web 


viewing port status 
n/a 
page 10-5 
page 10-6 
page 10-9 


configuring ports 
See Table 10-10- page 10-5 
page 10-8 
page 10-9 


1 on pages 10-3 
and 10-4. 


Note On Connecting If the switch either fails to show a link between an installed transceiver and 
Transceivers to 
another device, or demonstrates errors or other unexpected behavior on the 
Fixed-Configuration link, check the port configuration on both devices for a speed and/or duplex 
Devices 
(mode) mismatch. To check the mode setting for a port on a the switch, use 
either the Port Status screen in the menu interface (page 10-5) or show 
interfaces brief in the CLI (page 10-6). 
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Table 10-1. Status and Parameters for Each Port Type 


Status or 
Parameter 


Description 


Enabled 
Yes (default): The port is ready for a network connection. 
No: The port will not operate, even if properly connected in a network. Use this setting, for example, if 
the port needs to be shut down for diagnostic purposes or while you are making topology changes. 


Status 
Up: The port senses a linkbeat. 


(read-only)	 
Down: The port is not enabled, has no cables connected, or is experiencing a network error. For 
troubleshooting information, see the installation manual you received with the switch. See also chapter 
11, “Troubleshooting” (in this manual). 


Mode 
The port’s speed and duplex (data transfer operation) setting. 


10/100Base-T ports: 
•	 Auto (default): Senses speed and negotiates with the port at the other end of the link for data transfer 
operation (half-duplex or full-duplex). 


Note: Ensure that the device attached to the port is configured for the same setting that you select 
here. Also, if “Auto” is used, the device to which the port is connected must operate in compliance 
with the IEEE 802.3u “Auto Negotiation” standard for 100Base-T networks. If the other device does 
not comply with the 802.3u standard, or is not set to Auto, then the port configuration on the switch 
must be manually set to match the port configuration on the other device. 


To see what the switch negotiates for the Auto setting, use the CLI show interfaces command or the 
“ 3. Port Status” option under “1. Status and Counters” in the menu interface. 
• Auto-10: Allows the port to negotiate between half-duplex (HDx) and full-duplex (FDx) while keeping 
speed at 10 Mbps. Also negotiates flow control (enabled or disabled). HP recommends Auto-10 for 
links between 10/100 autosensing ports connected with Cat 3 cabling. (Cat 5 cabling is required for 
100 Mbps links.). 


• 10HDx:10 Mbps, Half-Duplex 
• 10FDx: 10 Mbps, Full-Duplex 
• 100HDx: 100 Mbps, Half-Duplex 
• 100FDx: 100 Mbps, Full-Duplex 


100FX ports: 
• 100HDx: 100 Mbps, Half-Duplex 
• 100FDx (default): 100 Mbps, Full-Duplex 


10-3 


Optimizing Traffic Flow with Port Controls, Port Trunking, and Port-Based Priority 
Viewing Port Status and Configuring Port Parameters 


Status or 
Parameter 


Description 


100/1000Base-T ports: 
•	 Auto (default): Senses speed and negotiates with the port at the other end of the link for port operation 
(MDI-X or MDI). 
To see what the switch negotiates for the Auto setting, use the CLI show interfaces brief command 
or the “ 3. Port Status” option under “1. Status and Counters” in the menu interface. 
• Auto-100: Uses 100 Mbps and negotiates with the port at the other end of the link for other port 
operation features. 


•	 Auto-1000: Uses 1000 Mbps and negotiates with the port at the other end of the link for other port 
operation features. 


• 100Hdx: Uses 100 Mbps, half-duplex. 
• 100Fdx: Uses 100 Mbps, Full-Duplex 
Notes: 
•	 Ensure that the device attached to the port is configured for the same setting that you select here. 
Also, if “Auto” is used, the device to which the port is connected must also be configured to “Auto” 
and operate in compliance with the IEEE 802.3ab “Auto Negotiation” standard for 1000Base-T 
networks. 


Gigabit fiber-optic ports (Gigabit-SX, Gigabit-LX, and Gigabit-LH): 
• 1000FDx: 1000 Mbps (1 Gbps), Full Duplex only 
•	 Auto (default): The port operates at 1000FDx and auto-negotiates flow control with the device 
connected to the port. 


Flow Control 
•	 Disabled (default): The port does not generate flow control packets, and drops any flow control 
packets it receives. 


•	 Enabled: The port uses 802.3x Link Layer Flow Control, generates flow control packets, and processes 
received flow control packets. 


With the port mode set to Auto (the default) and Flow Control enabled, the switch negotiates Flow Control 
on the indicated port. If the port mode is not set to Auto, or if Flow Control is disabled on the port, then 
Flow Control is not used. 


Group (menu) Menu Interface: Specifies the static trunk group, if any, to which a port belongs. 
or 
Trunk Group 
CLI: Appears in the show lacp command output to show the LACP trunk, if any, to which a port belongs. 


(CLI)	 
Note: An LACP trunk requires a full-duplex link. In most cases, HP recommends that you leave the 
port Mode setting at Auto (the default). See the LACP Note on page 10-11. 


For more on port trunking, see “Port Trunking” on page 10-10. 


Type	 
This parameter appears in the CLI show trunk listing and, for a port in a trunk group, specifies the type 
of trunk group. The default Type is passive LACP, which can be displayed by using the CLI show lacp 
command. 
For more on port trunking, see “Port Trunking” on page 10-10. 


Broadcast 
Specifies the theoretical maximum of network bandwidth percentage that can be used for broadcast and 


Limit	 
multicast traffic. Any broadcast or multicast traffic exceeding that limit will be dropped. Zero (0) means 
the feature is disabled. 


Note: The broadcast limit command sets the broadcast limit for all ports on the switch. 


10-4 


Optimizing Traffic Flow with Port Controls, Port Trunking, and Port-Based Priority 


Viewing Port Status and Configuring Port Parameters 


Menu: Viewing Port Status and Configuring Port 
Parameters 


From the menu interface, you can configure and view all port parameter 
settings and view all port status indicators. 


Using the Menu To View Port Status. The menu interface displays the 
status for ports and (if configured) a trunk group. 


From the Main Menu, select: 


Status and Counters. . . 


Port Status 


In this example, 
ports A7 and A8 
have previously 
been configured 
as a trunk group. 


Figure 10-1. Example of the Port Status Screen 


Using the Menu To Configure Ports. 


Not e	 
The menu interface uses the same screen for configuring both individual ports 
and port trunk groups. For information on port trunk groups, see “Port 
Trunking” on page 10-10. 


1. 
From the Main Menu, Select: 


2. Switch Configuration... 


2. Port/Trunk Settings 
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Figure 10-2. Example of Port/Trunk Settings with a Trunk Group Configured 


2. 
Press [E] (for Edit). The cursor moves to the Enabled field for the first port. 


3.	 
Refer to the online help provided with this screen for further information 
on configuration options for these features. 


4.	 
When you have finished making changes to the above parameters, press 
[Enter], then press [S] (for Save). 


CLI: Viewing Port Status and Configuring Port 
Parameters 


Port Status and Configuration Commands 


show interfaces brief 
below 


show interface config 
page 10-8 


interface 
page 10-8 


From the CLI, you can configure and view all port parameter settings and view 
all port status indicators. 


Using the CLI To View Port Status. Use the following commands to dis­ 
play port status and configuration: 


■	 
show interfaces brief: Lists the full status and configuration for all ports 
on the switch. 


■	 
show interface config: Lists a subset of the data shown by the show 
interfaces command (above); that is, only the enabled/disabled, mode, and 
flow control status for all ports on the switch. 
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Syntax:	 
show interfaces brief 
show interface config 


These two commands display the information listed in 
table 10-10-2, below. 


Table 10-2. Comparing the "Show Interfaces" Command Options* 


Feature 
Show Interfaces Brief 
Show Interfaces Config 


Port Number and Type 
Yes 
Yes 


Enabled Y/N 
Yes 
Yes 


Flow Control 
Yes 
Yes 


Status Up/Down 
Yes 
No 


Mode (Operating) 
Yes 
No 


Intrusion Alert 
Yes 
No 


Mode (Configured) 
No 
Yes 


* There is also the show interfaces [[e] < port-number >] option, which displays 


port statistics. Refer to “Viewing Port and Trunk Group Statistics and Flow 
Control Status” on page B-9. 


The figures 10-3 and 10-4 list examples of the output of the above two 
commands for the same port configuration. 


Current Operating Mode 


Figure 10-3. Example of a Show Interface Command Listing 
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Current Configured Mode 


Figure 10-4. Example of a Show Interface Config Command Listing 


Using the CLI To Configure Ports. You can configure one or more of the 
following port parameters. For details on each option, see Table 10-10-1 on 
page 10-3. 


Syntax: 
[no] interface <[ethernet] port-list> 


disable | enable 
speed-duplex 


<auto-10 |10-full | 10-half | 100-full | 100-half |auto|1000-full |> 
flow-control 


Note that in the above syntax you can subsitute an “int” for “interface” and an 
“e” for “ethernet”; that is int e <port-list>. 


For example, to configure ports C1 through C3 and port C6 for 100Mbps full- 
duplex, you would enter these commands: 


HPswitch(config)# int e c1-c3,c6 speed-duplex 100-full
 


Similarly, to configure a single port with the settings in the above command, 
you could either enter the same command with only the one port identified, 
or go to the context level for that port and then enter the command. For 
example, to enter the context level for port C6 and then configure that port 
for 100FDx: 


HPswitch(config)# int e c6
 
HPswitch(eth-C6)# speed-duplex 100-full 


If port C8 was disabled, and you wanted to enable it and configure it for 
100FDx with flow-control active, you could do so with either of the following 
command sets. 
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■	 
These commands enable and configure port C8 from the config level: 
HPswitch(config)# int e c8 enable 
HPswitch(config)# int e c8 speed-duplex 100-full 
HPswitch(config)# int e c8 flow-control 


■	 
These commands select the context level for port C8 and then apply all 
of the configuration commands to port C8: 
HPswitch(config)# int e c8
 
HPswitch(eth-C8)# enable 
HPswitch(eth-C8)# speed-duplex 100-full 
HPswitch(eth-C8)# flow-control 


Configuring a Broadcast Limit on the Switch. Executing this command 
configures the broadcast limit for all ports on the switch. 


Syntax: 
broadcast-limit < 0 . . 99 > 


For example, to configure a broadcast limit of 20% for all ports on the switch: 


HPswitch(config)# broadcast-limit 20
 


To display the current broadcast limit setting, use one of the following com­ 
mands: 


HPswitch# show config
 


Displays the startup-config file. The broadcast limit setting 
appears here if configured and saved to the startup-config 
file. 


HPswitch# show running-config 


Displays the running-config file. 


Web: Viewing Port Status and Configuring Port 
Parameters 


In the web browser interface: 


1. 
Click on the Configuration tab. 


2. 
Click on Port Configuration. 


3. 
Select the ports you want to modify and click on Modify Selected Ports. 


4. 
After you make the desired changes, click on Apply Settings. 


Note that the web browser interface displays an existing port trunk group. 
However, to configure a port trunk group, you must use the CLI or the menu 
interface. For more on this topic, see “Port Trunking” on page 10-10. 
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Port Trunking 


Port Status and Configuration Features 


Feature 
Default 
Menu 
CLI 
Web 


viewing port trunks 
n/a 
page 10-16 
page 10-18 
page 10-24 


configuring a static trunk 
none 
page 10-16 
page 10-22 
— 


group 


configuring a dynamic LACP 
trunk group 


LACP passive 
— 
page 10-22 
— 


Port trunking allows you to assign up to four physical links to one logical link 
(trunk) that functions as a single, higher-speed link providing dramatically 
increased bandwidth. This capability applies to connections between back- 
bone devices as well as to connections in other network areas where traffic 
bottlenecks exist. A trunk group is a set of up to four ports configured as 
members of the same port trunk. Note that the ports in a trunk group do not 
have to be consecutive. For example: 


Switch 1: 


Ports c1 - c4 
configured 
as a port 
trunk group. 


The multiple physical links in a trunk behave as one logical link 


port c1 
port c2 
port c3 
port c4 
port c5 
port c6 
port c7 
. . . 
port n 


port a1 
port a2 
port a3 
port a4 
port a5 
port a6 
port a7 
. . . 
port n 


Switch 2: 


Ports a2 and 
a4 - a6 are 
configured as 
a port trunk 
group 


Figure 10-5. Conceptual Example of Port Trunking 


Port Connections and Configuration: All port trunk links must be point- 
to-point connections between the switch and a router, server, workstation, or 
another switch configured for port trunking. No intervening, non-trunking 
devices are allowed. It is important to note that ports on both ends of a port 
trunk group must have the same mode (speed and duplex) and flow control 
settings. 
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Not e	 
Link Connections. The switch does not support port trunking through an 
intermediate, non-trunking device such as a hub, or using morethan one media 
type in a port trunk group. Similarly, all links in the same trunk group must 
have the same speed, duplex, and flow control. 


Port Security Restriction. Portsecurity does not operate on a trunkgroup. 
If you configure port security on one or more ports that are later added to a 
trunk group, the switch will reset the port security parameters for those ports 
to the factory-default configuration. 


C a u t i o n 
To avoid broadcast storms or loops in your network while configuring a 
trunk, first disable or disconnect all ports you want to add to or remove from 
the trunk. After you finish configuring the trunk, enable or re-connect the 
ports. 


Port Trunk Features and Operation 


The switch offers these options for port trunking: 


■ 
LACP (IEEE 802.3ad—page 10-24) 


■ 
Trunk (non-protocol—page 10-31) 


■ 
FEC (Fast EtherChannel®—page 10-31) 


The switch supports six trunk groups of up to four ports each. (Using the Link 
Aggregation Control Protocol—LACP—option, you can include standby 
trunked ports in addition to the maximum of four actively trunking ports.) 


L A C P N o t e 
LACP operation requires full-duplex (FDx) links. For most installations, HP 
recommends that you leave the port Mode settings at Auto (the default). LACP 
also operates with Auto-10, Auto-100, and Auto-1000 (if negotiation selects FDx); 
10FDx, 100FDx, and 1000FDx settings. 


Fault Tolerance: If a link in a port trunk fails, the switch redistributes 
traffic originally destined for that link to the remaining links in the trunk. The 
trunk remains operable as long as there is at least one link in operation. If a 
link is restored, that link is automatically included in the traffic distribution 
again. The LACP option also offers a standby link capability, which enables 
you to keep links in reserve for service if one or more of the original active 
links fails. See “Trunk Group Operation Using LACP” on page 10-24.) 
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Trunk Configuration Methods 


Dynamic LACP Trunk: The switch automatically negotiates trunked links 
between LACP-configured ports on separate devices, and offers one dynamic 
trunk option: LACP. To configure the switch to initiate a dynamic LACP trunk 
with another device, use the interface ethernet command in the CLI to set the 
default LACP option to Active on the ports you want to use for the trunk. For 
example, the following command sets ports C1-C4 to LACP active: 


HPswitch(config) int e c1-c4 lacp active 


Note that the above example works if the ports are not already operating in a 
trunk. To change the LACP option on ports already operating as a trunk, you 
must first remove them from the trunk. For example, if ports C1 - C4 were 
LACP-active and operating in a trunk with another device, you would do the 
following to change them to LACP-passive: 


HPswitch(config)# no int e c1-c4 lacp 


Removes the ports from the trunk. 


HPswitch(config)# int e c1-c4 lacp passive 


Configures LACP passive. 


Static Trunk: The switch uses the links you configure with the Port/Trunk 
Settings screen in the menu interface or the trunk command in the CLI to create 
a static port trunk. The switch offers three types of static trunks: LACP, Trunk, 
and FEC. 


Table 10-3. Trunk Types Used in Static and Dynamic Trunk Groups 


Trunking 
Method 


LACP 
Trunk 
FEC 


Dynamic 
Yes 
No 
No 


Static 
Yes 
Yes 
Yes 
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Table 10-4. Trunk Configuration Protocols 


Protocol 
Trunking Options 


LACP 
(802.3ad) 


Provides dynamic and static LACP trunking options. 
• Dynamic LACP — Use the switch-negotiated dynamic LACP trunk when: 


– The port on the other end of the trunk link is configured for Active or Passive LACP. 
–	 You want to achieve fault-tolerance for high-availability applications where you want a four-link trunk 
with one or more standby links available in case an active link goes down. (Both ends of the link must 
be dynamic LACP.) 


• Static LACP — Use the manually configured static LACP trunk when: 


– The port on the other end of the trunk link is configured for a static LACP trunk 
– You want to configure non-default spanning tree (STP) or IGMP parameters on an LACP trunk group. 
–	 You want an LACP trunk group to operate in a VLAN other than the default VLAN and GVRP is disabled. 
(Refer to “VLANs and Dynamic LACP” on page 10-30.) 


– You want to use a monitor port on the switch to monitor an LACP trunk. 


See “Trunk Group Operation Using LACP” on page 10-24. 


Trunk 
(non- 
protocol) 


Provides manually configured, static-only trunking to: 
• Most HP switches and routing switches not running the 802.3ad LACP protocol. 
• Windows NT and HP-UX workstations and servers 
Use the Trunk option when: 


– The device to which you want to create a trunk link is using a non-802.3ad trunking protocol 
–	 You are unsure which type of trunk to use, or the device to which you want to create a trunk link is 
using an unknown trunking protocol. 


– You want to use a monitor port on the switch to monitor traffic on a trunk. 


See “Trunk Group Operation Using the “Trunk” Option” on page 10-31. 


FEC	 
Provides static trunking to forwarding devices that also support FEC (Fast 
EtherChannel®), such as some Cisco® switches and routers, and some HP-UX and Windows NT servers. 


See “Trunk Operation Using the FEC Option” on page 10-31. 
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Table 10-5. General Operating Rules for Port Trunks 


Media: All ports on both ends of a trunk group must have the same media type and mode (speed and duplex). The switch 
blocks any trunked links that do not conform to this rule. (For the switches covered in this guide, HP recommends leaving 
the port Mode setting at Auto or, in networks using Cat 3 cabling, Auto-10.) 
Port Configuration: The default port configuration is Auto, which enables a port to sense speed and negotiate duplex 
with an Auto-enabled port on another device. HP recommends that you use the Auto setting for all ports you plan to use 
for trunking. Otherwise, you must manually ensure that the mode setting for each port in a trunk is compatible with the 
other ports in the trunk. 


Recommended Port Mode Setting for LACP 


All of the following operate on a per-port basis, regardless of trunk membership: 
• Enable/Disable 
• Flow control (Flow Ctrl)
 
LACP is a full-duplex protocol. See “Trunk Group Operation Using LACP” on page 10-24.
 


Trunk Configuration: All ports in the same trunk group must be the same trunk type (LACP, Trunk, or FEC). All LACP ports 
in the same trunk group must be either all static LACP or all dynamic LACP. 
A trunk appears as a single port labeled Dyn1 (for an LACP dynamic trunk) or Trk1 (for a static trunk of any type: 
LACP, Trunk, or FEC) on various menu and CLI screens. For a listing of which screens show which trunk types, see “How 
the Switch Lists Trunk Data” on page 10-32. 


For STP or VLAN operation, configuration for all ports in a trunk is done at the trunk level. (You cannot separately configure 
individual ports within a trunk for STP or VLAN operation.) 


Traffic Distribution: All of the switch trunk protocols use the SA/DA (Source Address/Destination Address) method of 
distributing traffic across the trunked links. See “Outbound Traffic Distribution Across Trunked Links” on page 10-32. 
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Spanning Tree: Spanning Tree operates as a global setting on the switch (one instance of Spanning Tree per switch). 
However, you can adjust Spanning Tree parameters on a per-port basis. A statictrunk of any type appears in the Spanning 
Tree configuration display, and you can configure Spanning Tree parameters for a static trunk in the same way that you 
would configure Spanning Tree parameters on a non-trunked port. (Note that the switch lists the trunk by name—such 
as Trk1—and does not list the individual ports in the trunk.) For example, if ports C1 and C2 are configured as a static 
trunk named Trk1, they are listed in the Spanning Tree display as Trk1 and do not appear as individual ports in the Spanning 
Tree displays. 


In this example showing 
part of the show spanning- 
tree listing, ports C1 and C2 
are members of TRK1 and 
do not appear as individual 
ports in the port 
configuration part of the 
listing. 


When Spanning Tree forwards on a trunk, all ports in the trunk will be forwarding. Conversely, when Spanning Tree blocks 
a trunk, all ports in the trunk are blocked. 


Note: A dynamic LACP trunk operates only with the default Spanning Tree settings and does not appear in the Spanning 
Tree configuration display or show ip igmp listing. 
If you removea port from a static trunk, the port retains the same Spanning Tree settings that were configured forthetrunk. 


IP Multicast Protocol (IGMP): A static trunk of any type appears in the IGMP configuration display, and you can configure 
IGMP for a static trunk in the same way that you would configure IGMP on a non-trunked port. (Note that the switch lists 
the trunk by name—such as Trk1—and does not list the individual ports in the trunk.) Also, creating a new trunk 
automatically places the trunk in IGMP Auto status if IGMP is enabled for the default VLAN. A dynamic LACP trunk 
operates only with the default IGMP settings and does not appear in the IGMP configuration display or show ip igmp 
listing. 


VLANs: Creating a new trunk automatically places the trunk in the DEFAULT_VLAN, regardless of whether the ports in 
the trunk were in another VLAN. Similarly, removing a port from a trunk group automatically places the port in the default 
VLAN. You can configure a static trunk in the same way that you configure a port for membership in any VLAN. 


Note: For a dynamic trunk to operate in a VLAN other than the default VLAN (DEFAULT_VLAN), GVRP must be enabled. 
See “Trunk Group Operation Using LACP” on page 10-24. 


Port Security: Trunk groups (and their individual ports) cannot be configured for port security, and the switch excludes 
trunked ports from the show port-security listing. If you configure non-default port security settings for a port, then 
subsequently try to place the port in a trunk, you will see the following message and the command will not be executed: 


< port-list > Command cannot operate over a logical port. 


Monitor Port: 


Note: A trunk cannot be a monitor port. A monitor port can monitor a static trunk but cannot monitor a dynamic LACP 
trunk. 
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Menu: Viewing and Configuring a Static Trunk Group 


Important	 
Configure port trunking before you connect the trunked links to another 
switch, routing switch, or server. Otherwise, a broadcast storm could occur. 
(If you need to connect the ports before configuring them for trunking, you 
can temporarily disable the ports until the trunk is configured. See “Using the 
CLI To Configure Ports” on page 10-8.) 


To View and/or Configure Static Port Trunking: This procedure uses 
the Port/Trunk Settings screen to configure a static port trunk group on the 
switch. 


1. 
Follow the procedures in the Important note above. 


2. 
From the Main Menu, Select: 


2. Switch Configuration . . . 


2. Port/Trunk Settings 


3.	 
Press [E] (for Edit) and then use the arrow keys to access the port trunk 
parameters. 


These two columns indicate 
static trunk status. 


(For dynamic LACP trunk 
status, use the CLI show lacp 
command—page 10-20.) 


Figure 10-6. Example of the Menu Screen for Configuring a Port Trunk Group 


4. 
In the Group column, move the cursor to the port you want to configure. 


5.	 
Use the Space bar to choose a trunk group (Trk1 . . . Trk6) trunk group 
assignment for the selected port. 
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•	 
All ports in a trunk must have the same media type and mode (such 
as 10/100TX set to 100FDx, or 100FX set to 100FDx). The flow control 
settings must also be the same for all ports in a given trunk. To verify 
these settings, see “Viewing Port Status and Configuring Port Param­ 
eters” on page 10-2. 


•	 
You can configure the trunk group with one, two, three, or four ports 
per trunk. If multiple VLANs are configured, all ports within a trunk 
will be assigned to the same VLAN or set of VLANs. (With the 802.1Q 
VLAN capability built into the switch, more than one VLAN can be 
assigned to a trunk. See “Port-Based Virtual LANs (Static VLANs)” on 
page 12-3.) 


(To return a port to a non-trunk status, keep pressing the Space bar 
until a blank appears in the highlighted Group value for that port.) 


Figure 10-7. Example of the Configuration for a Two-Port Trunk Group 


6.	 
Move the cursor to the Type column for the selected port and use the 
Space bar to select the trunk type: 


– 
LACP 


– 
Trunk (the default type if you do not specify a type) 


– 
FEC (Fast EtherChannel trunk) 


All ports in the same trunk group on the same switch must have the same 
Type (LACP, Trunk, or FEC). 


7.	 
When you are finished assigning ports to the trunk group, press [Enter], 
then [S] (for Save) and return to the Main Menu. (It is not necessary to 
reboot the switch.) 
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During the Save process, traffic on the ports configured for trunking will 
be delayed for several seconds. If the Spanning Tree Protocol is enabled, 
the delay may be up to 30 seconds. 


8.	 
Connect the trunked ports on the switch to the corresponding ports on 
the opposite device. If you previously disabled any of the trunked ports 
on the switch, enable them now. (See “Viewing Port Status and Configur­ 
ing Port Parameters” on page 10-2.) 


Check the Event Log (“Using Logging To Identify Problem Sources” on page 
C-21) to verify that the trunked ports are operating properly. 


CLI: Viewing and Configuring a Static or Dynamic Port 
Trunk Group 


Trunk Status and Configuration Commands 


show trunks 
below 


show lacp 
page 10-20 


trunk 
page 10-22 


interface lacp 
page 10-22 


Using the CLI To View Port Trunks 


You can list the trunk type and group for all ports on the switch or for selected 
ports. You can also list LACP-only status information for LACP-configured 
ports. 


Listing Static Trunk Type and Group for All Ports or Selected Ports. 


Syntax: 
show trunks [<port-list>] 


Omitting the < port-list > parameter results in a static trunk data listing for all 
LAN ports in the switch. For example, in a switch where ports A4 and A5 
belong to Trunk 1 and ports A7 and A8 belong to Trunk 2, you have the options 
shown in figures 10-8 and 10-9 for displaying port data for ports belonging to 
static trunks. 


10-18 


Optimizing Traffic Flow with Port Controls, Port Trunking, and Port-Based Priority 


Port Trunking 


Using a port list specifies, for switch ports in a static trunk group, only the 
ports you want to view. In this case, the command specifies ports A5 through 
A7. However, because port A6 is not in a static trunk group, it does not appear 
in the resulting listing: 


Port A5 appears with an example of a name that you can optionally assign using the 
Friendly Port Names feature. (See “Using Friendly (Optional) Port Names” on page 7-15.) 


Port A6 does not appear in this listing because 
it is not assigned to a static trunk. 


Figure 10-8. Example Listing Specific Ports Belonging to Static Trunks 


The show trunks [ e ] < port-list > command in the above example includes a 
port list, and thus shows trunk group information only for specific ports that 
have membership in a static trunk. In figure 10-9, the command does not 
include a port list, so the switch lists all ports having static trunk membership. 


Figure 10-9. Example of a Show Trunk Listing Without Specifying Ports 
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Listing Static LACP and Dynamic LACP Trunk Data. This command 
lists data for only the LACP-configured ports. 


Syntax: 
show lacp 


In the following example, ports A1 and A2 have been previously configured 
for a static LACP trunk. (For more on “Active”, see table 10-7 on page 10-28.) 


Figure 10-10. Example of a Show LACP Listing 


Dynamic LACP Standby Links. Dynamic LACP trunking enables you to 
configure standby links for a trunk by including more than four ports in a 
dynamic LACP trunk configuration. When four ports (trunk links) are up, the 
remaining link(s) will be held in standby status. If a trunked link that is “Up” 
fails, it will be replaced by a standby link, which maintains your intended 
bandwidth for the trunk. (See also the “Standby” entry under “Port Status” in 
table 10-7, "LACP Port Status Data", on page 10-28.) In the next example, ports 
A1 through A5 have been configured for the same LACP trunk. Notice that one 
of the links shows Standby status, while the remaining four links are “Up”. 
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“Up” Links 


Standby Link 


Figure 10-11. Example of a Dynamic LACP Trunk with One Standby Link 


Using the CLI To Configure a Static or Dynamic Trunk Group 


I m p o r t a n t 
Configure port trunking before you connect the trunked links between 
switches. Otherwise, a broadcast storm could occur. (If you need to connect 
the ports before configuring them for trunking, you can temporarily disable 
the ports until the trunk is configured. See “Using the CLI To Configure Ports” 
on page 10-8.) 


On the switches covered by this guide you can configure up to six port trunk 
groups having up to four links each (with additional standby links if you’re 
using LACP). You can configure trunk group types as follows: 


Trunk Type 
Trunk Group Membership 


TrkX (Static) 
DynX (Dynamic) 


LACP 
Yes 
Yes 


Trunk 
Yes 
No 


FEC 
Yes 
No 


The following examples show how to create different types of trunk groups. 


10-21 


Optimizing Traffic Flow with Port Controls, Port Trunking, and Port-Based Priority 
Port Trunking 


Configuring a Static Trunk, Static FEC, or Static LACP Trunk Group. 


Syntax: 
trunk < trk1 | trk2 | trk3 | trk4 | trk5 | trk6 > < trunk | fec | lacp > <port-list> 


This example uses ports C4 - C6 to create a non-protocol static trunk group 
with the group name of Trk2. 


HPswitch(config)# trunk trk2 trunk c4-c6
 


Removing Ports from a Static Trunk Group. This command removes 
one or more ports from an existing Trkx trunk group. 


C a u t i o n 
Removing a port from a trunk can result in a loop and cause a broadcast storm. 
When you remove a port from a trunk where STP is not in use, HP recommends 
that you first disable the port or disconnect the link on that port. 


Syntax: 
no trunk < port-list > 


This example removes ports C4 and C5 from an existing trunk group. 


HPswitch(config)# no trunk c4-c5
 


Enabling a Dynamic LACP Trunk Group. In the default port configura­ 
tion, all ports on the switch are set to LACP Passive. However, to enable the 
switch to automatically form a trunk group that is dynamic on both ends of 
the link, the ports on one end of a set of links must be LACP Active. The ports 
on the other end can be either LACP Active or LACP Passive. This command 
enables the switch to automatically establish a (dynamic) LACP trunk group 
when the device on the other end of the link is configured for LACP Passive. 
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Switch “A” 
with ports set 
to LACP 
passive (the 
default). 


Switch “B” 
with ports set 
to LACP 
passive (the 
default). 


Dynamic LACP trunk cannot automatically form because both 
ends of the links are LACP passive. 


(In this case STP blocking is needed to prevent a loop. 


Switch “A” 
with ports set 
to LACP 
active. 


Switch “B” 
with ports set 
to LACP 
passive (the 
default). 


Dynamic LACP trunk automatically forms because both 
ends of the links are LACP and at least one end is LACP 
active. (STP is not needed, and the clear advantages are 
increased bandwidth and fault-tolerance.) 


Figure 10-12. Example of Criteria for Automatically Forming a Dynamic LACP Trunk 


Syntax: 
interface < port-list > lacp active 


This example uses ports C4 and C5 to enable a dynamic LACP trunk group. 


HPswitch(config)# interface c4-c5 lacp active
 


Removing Ports from a Dynamic LACP Trunk Group. To remove a port 
from dynamic LACP trunk operation, you must turn off LACP on the port. (On 
a port inan operating, dynamic LACP trunk, you cannot change between LACP 
Active and LACP passive without first removing LACP operation from the 
port.) 


C a u t i o n 
Unless STP is running on your network, removing a port from a trunk can 
result in a loop. To help prevent a broadcast storm when you remove a port 
from a trunk where STP is not in use, HP recommends that you first disable 
the port or disconnect the link on that port. 
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Syntax: no interface <port-list> lacp 


In this example, port C6 belongs to an operating, dynamic LACP trunk. To 
remove port C6 from the dynamic trunk and return it to passive LACP, you 
would do the following: 


HPswitch>(config)# no interface c6 lacp
 
HPswitch>(config)# interface c6 lacp passive
 


Note that in the above example, if the port on the other end of the link is 
configured for active LACP or static LACP, the trunked link will be re- 
established almost immediately. 


Web: Viewing Existing Port Trunk Groups 


While the web browser interface does not enable you to configure a port trunk 
group, it does provide a view of an existing trunk group. 


To view any port trunk groups: 


Click on the Status tab. 


Click on Port Status. 


Trunk Group Operation Using LACP 


The switch can automatically configure a dynamic LACP trunk group or you 
can manually configure a static LACP trunk group. 


Not e	 
LACP requires full-duplex (FDx) links of the same media type (10/100Base-T, 
100FX, etc.) and the same speed, and enforces speed and duplex conformance 
across a trunk group. 


LACP trunk status commands include: 


Trunk Display Method 
Static LACP Trunk 
Dynamic LACP Trunk 


CLI show lacp command 
Included in listing. 
Included in listing. 


CLI show trunk command 
Included in listing. 
Not included. 


Port/Trunk Settings screen in menu interface 
Included in listing. 
Not included 


Thus, to display a listing of dynamic LACP trunk ports, you must use the show 
lacp command. 
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Not e	 
Dynamic LACP trunks operate only in the default VLAN (unless GVRP is 
enabled and Forbid is used to prevent the trunked ports from joining the default 
VLAN). Thus, if an LACP dynamic port forms using ports that are not in the 
default VLAN, the trunk will automatically move to the default VLAN unless 
GVRP operation is configured to prevent this from occurring. In some cases, 
this can create a traffic loop in your network. For more on this topic, refer to 
“VLANs and Dynamic LACP” on page 10-30. 


In most cases, trunks configured for LACP operate as described in table 10- 
10-6 on the next page. 
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Table 10-6. LACP Trunk Types 


LACP Port Trunk 
Configuration 


Operation 


Dynamic LACP	 
This option automatically establishes an 802.3ad-compliant trunk group, with LACP for the port Type 
parameter and DynX for the port Group name, where X is an automatically assigned value from 1 to 6, 
depending on how many dynamic and static trunks are currently on the switch. (The switch allows a 
maximum of six trunk groups in any combination of static and dynamic trunks.) 
Under the following conditions, the switch automatically establishes a dynamic LACP port trunk group 
and assigns a port Group name: 
• The ports on both ends of a link have compatible mode settings (speed and duplex). 
•	 The port on one end of a link must be configured for LACP Active and the port on the other end of 
the same link must be configured for either LACP Passive (the default) or LACP Active. For example: 


Switch 1 


Port X: 


LACP Enable: Active 


Port Y: 


LACP Enable: Active 


Switch 2 


Port A: 


LACP Enable: Active 


Port B: 


LACP Enable: Passive 


Active-to-Active 


Active-to-Passive 


Either of the above link configurations allow a dynamic LACP trunk link. 
Standby Links: A maximum of four operating links are allowed in the trunk, but, with dynamic LACP, you 
can configure one or more backup links that the switch automatically activates if a primary link fails. 
To configure a link as a standby for an existing four-port dynamic LACP trunk, ensure that the ports in 
the standby link are configured the same as either of the above examples. 
Displaying Dynamic LACP Trunk Data: To list the configuration and status for a dynamic LACP trunk, 
use the CLI show lacp command. 


Note: The dynamic trunk is automatically created by the switch, and is not listed in the static trunk 
listings available in the menu interface or in the CLI show trunk listing. 


Static LACP	 
The trunk operates if the trunk group on the opposite device is running one of the following trunking 
protocols: 
• Active LACP 
• Passive LACP 
• Trunk 
• 
FEC 


This option uses LACP for the port Type parameter and TrkX for the port Group parameter, where X 
is an automatically assigned value from 1 to 6, depending on how many static trunks are currently 
operating on the switch. (The switch allows a maximum of six trunk groups in any combination of static 
and dynamic trunks.) 
Displaying Static LACP Trunk Data: To list the configuration and status for a static LACP trunk, use the 
CLI show lacp command. To list a static LACP trunk with its assigned ports, use the CLI show trunk 
command or display the menu interface Port/Trunk Settings screen. 
Static LACP does not allow standby ports. 
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Default Port Operation 


In the default configuration, all ports are configured for passive LACP. How- 
ever, if LACP is not configured, the port will not try to detect a trunk config­ 
uration and will operate as a standard, untrunked port. 


Not e	 
Passive and active LACP port will pause and listen for LACP packets once a 
link is established. Once this pause is complete then the port, if a trunk is not 
detected, will be placed in forwarding mode. Some end-node applications have 
been found to be sensitive to this pause and may require LACP to be disabled 
on the port. 


The following table describes the elements of per-port LACP operation. To 
display this data for a particular switch, execute the following command in 
the CLI: 


HPswitch> show lacp 
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Table 10-7. LACP Port Status Data 


Status Name 
Meaning 


Port Numb	 
Shows the physical port number for each port configured for LACP operation (C1, C2, C3 . . .). Unlisted 
port numbers indicate that the missing ports are assigned to a static Trunk group, an FEC trunk group, 
or are not configured for any trunking. 


LACP Enabled 
Active: The port automatically sends LACP protocol packets. 
Passive: The port does not automatically send LACP protocol packets, and responds only if it receives 
LACP protocol packets from the opposite device. 
A link having either two active LACP ports or one active port and one passive port can perform dynamic 
LACP trunking. A link having two passive LACP ports will not perform LACP trunking because both ports 
are waiting for an LACP protocol packet from the opposite device. 


Note: In the default switch configuration, all ports are configured for passive LACP operation. 


Trunk Group	 
TrkX: This port has been manually configured into a static LACP trunk. 
Trunk Group Same as Port Number: The port is configured for LACP, but is not a member of a port trunk. 


Port Status 
Up: The port has an active LACP link and is not blocked or in Standby mode. 
Down: The port is enabled, but an LACP link is not established. This can indicate, for example, a port that 
is not connected to the network or a speed mismatch between a pair of linked ports. 
Disabled: The port cannot carry traffic. 
Blocked: LACP, STP, or FEC has blocked the port. (The port is not in LACP Standby mode.) This may be 
due to a trunk negotiation (very brief) or a configuration error such as differing port speeds on the same 
link or attempting to connect the switch to more than six trunks. 
Standby: The port is configured for dynamic LACP trunking to another device, but the maximum number 
of ports for the Dynamic trunk to that device has already been reached on either the switch itself or the 
other device. This port will remain in reserve, or “standby” unless LACP detects that another, active link 
in the trunk has become disabled, blocked, or down. In this case, LACP automatically assigns a Standby 
port, if available, to replace the failed port. 


LACP Partner 
Yes: LACP is enabled on both ends of the link. 
No: LACP is enabled on the switch, but either LACP is not enabled or the link has not been detected on 
the opposite device. 


LACP Status	 
Success: LACP is enabled on the port, detects and synchronizes with a device on the other end of the 
link, and can move traffic across the link. 
Failure: LACP is enabled on a port and detects a device on the other end of the link, but is not able to 
synchronize with this device, and therefore not able to send LACP packets across the link. This can be 
caused, for example, by an intervening device on the link (such as a hub), a bad hardware connection, 
or if the LACP operation on the opposite device does not comply with the IEEE 802.3ad standard. 
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LACP Notes and Restrictions 


802.1X (Port-Based Access Control) Configured on a Port. To main­ 
tain security,LACP is not allowedonports configured for 802.1X authenticator 
operation. If you configure port security on a port on which LACP (active or 
passive) is configured, the switch removes the LACP configuration, displays 
a notice that LACP is disabled on the port(s), and enables 802.1X on that port. 


HPswitch(config)# aaa port-access authenticator e b1
 
LACP has been disabled on 802.1X port(s).
 


The switch will not allow you to configure LACP on a port on which port 
access (802.1X) is enabled. For example: 


HPswitch(config)# int e b1 lacp passive
 
Error configuring port < port-number >: LACP and 802.1X cannot be run
 
together.
 


To restore LACP to the port, you must first remove the port’s 802.1X configu­ 
ration and then re-enable LACP active or passive on the port. 


Port Security Configured on a Port. To maintain security, LACP is not 
allowed on ports configured for port security. If you configure port security 
on a port on which LACP (active or passive) is configured, the switch removes 
the LACP configuration, displays a notice that LACP is disabled on the port(s), 
and enables port security on that port. For example: 


HPswitch(config)# port-security e a17 learn-mode static address-limit 2
 
LACP has been disabled on secured port(s).
 


The switch will not allow you to configure LACP on a port on which port 
security is enabled. For example: 


HPswitch(config)# int e a17 lacp passive
 
Error configuring port A17: LACP and port security cannot be run together.
 


To restore LACP to the port, you must remove port security and re-enable 
LACP active or passive. 


Changing Trunking Methods. To convert a trunk from static to dynamic, 
you must first eliminate the static trunk. 
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Static LACP Trunks. Where a port is configured for LACP (Active or 
Passive), but does not belong to an existing trunk group, you can add that port 
to a static trunk. Doing so disables dynamic LACP on that port, which means 
you must manually configure both ends of the trunk. 


Dynamic LACP Trunks. You can configure a port for LACP-active or LACP- 
passive, but on a dynamic LACP trunk you cannot configure the other options 
that you can on static trunks. If you want to manually configure a trunk, use 
the trunk command. (Refer to “Using the CLI To Configure a Static or Dynamic 
Trunk Group” on page 10-21.) 


VLANs and Dynamic LACP. A dynamic LACP trunk operates only in the 
default VLAN (unless you have enabled GVRP on the switch and use Forbid to 
prevent the ports from joining the default VLAN). 


■	 
If you want to use LACP for a trunk on a non-default VLAN and GVRP is 
disabled, configure the trunk as a static trunk. 


■	 
If there are ports that you do not want on the default VLAN, ensure that 
they cannot become dynamic LACP trunk members. Otherwise a traffic 
loop can unexpectedly occur. For example: 


VLAN-1 
(Default 
VLAN) 


VLAN-2 


VLAN-1 
(Default 
VLAN) 


VLAN-2 


VLAN-1 
(Default 
VLAN) 


VLAN-2 


VLAN-1 
(Default 
VLAN) 


VLAN-2 


If the ports in VLAN 2 are configured to allow a dynamic trunk (and GVRP is disabled), adding a 
second link in VLAN 2 automatically forms a dynamic LACP trunk and moves the trunk to VLAN-1 
(the default VLAN), which creates a traffic loop in VLAN 1 between the two switches and 
eliminates the link in VLAN 2 between the two switches. 


Figure 10-13. A Dynamic LACP Trunk Forming in a VLAN Can Cause a Traffic Loop 


Easy control methods include either disabling LACP on the selected ports or 
configuring them to operate in static LACP trunks. 


STP and IGMP. If spanning tree (STP) and/or IGMP is enabled in the switch, 
a dynamic LACP trunk operates only with the default settings for these 
features and does not appear in the port listings for these features. 


Half-Duplex and/or Different Port Speeds Not Allowed in LACP 
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Trunks. The ports on both sides of an LACP trunk must be configured for 
the same speed and for full-duplex (FDx). The 802.3ad LACP standard speci­ 
fies a full-duplex (FDx) requirement for LACP trunking. 


A port configured as LACP passive and not assigned to a port trunk can be 
configured to half-duplex (HDx). However, in any of the following cases, a 
port cannot be reconfigured to an HDx setting: 


■ 
If a port is set to LACP Active, you cannot configure it to HDx. 


■	 
If a port is already a member of a static or dynamic LACP trunk, you cannot 
configure it to HDx. 


■	 
If a port is already set to HDx, the switch does not allow you to configure 
it for a static or dynamic LACP trunk. 


Dynamic/Static LACP Interoperation: A port configured for dynamic 
LACP can properly interoperate with a port configured for static (TrkX) LACP, 
but any ports configured as standby LACP links will be ignored. 


Trunk Group Operation Using the “Trunk” Option 


This method creates a trunk group that operates independently of specific 
trunking protocols and does not use a protocol exchange with the device on 
the other end of the trunk. With this choice, the switch simply uses the SA/DA 
method of distributing outbound traffic across the trunked ports without 
regard for how that traffic is handled by the device at the other end of the 
trunked links. Similarly, the switch handles incoming traffic from the trunked 
links as if it were from a trunked source. 


Use the Trunk option when you are trying to establish a trunk group between 
the switch and another device, but the other device’s trunking operation fails 
to interoperate properly with LACP or FEC trunking configured on the switch 
itself. 


Trunk Operation Using the “FEC” Option 


This is the most flexible method for distributing traffic over trunked links 
when connecting to devices that use the FEC (Fast EtherChannel) technology. 
FEC trunks offer the following benefits: 


■ 
Provide trunked connectivity to a FEC-compliant server, switch, or router. 


■	 
Enable quick convergence to remaining links when a failure is detected 
on a trunked port link. 


■	 
Depending on the capabilities of the device on the other end of the trunk, 
negotiate the forwarding mechanism on the trunk to the non-protocol 
option. 
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■	 
When auto-negotiated to the SA/DA forwarding mechanism, provide 
higher performance on the trunk for broadcast, multicast, and flooded 
traffic through distribution in the same manner as non-protocol trunking. 


■	 
Support FEC automatic trunk configuration mode on other devices. That 
is, when connecting FEC trunks to FEC-capable servers, switches, or 
routers having FEC automatic trunk configuration mode enabled, the 
FEC trunks allow these other devices to automatically form trunk groups. 


How the Switch Lists Trunk Data 


Static Trunk Group: Appears in the menu interface and the output from the 
CLI show trunk and show interfaces commands. 


Dynamic LACP Trunk Group: Appears in the output from the CLI show lacp 
command. 


Interface Option 
Dynamic LACP 
Trunk Group 


Static LACP 
Trunk Group 


Static Non-Protocol 
or FEC Trunk Group 


Menu Interface 


CLI: 


show trunk 


show interfaces 


show lacp 


show spanning-tree 


show igmp 


show config 


No 
Yes 
Yes 


No 
Yes 
Yes 


No 
Yes 
Yes 


Yes 
Yes 
No 


No 
Yes 
Yes 


No 
Yes 
Yes 


No 
Yes 
Yes 


Outbound Traffic Distribution Across Trunked Links 


All three trunk group options (LACP, Trunk, and FEC) use source-destination 
address pairs (SA/DA) for distributing outbound traffic over trunked links. 


SA/DA (source address/destination address) causes the switch to distribute 
outbound traffic to the links within the trunk group on the basis of source/ 
destination address pairs. That is, the switch sends traffic from the same 
source address to the samedestination address through the same trunked link, 
and sends traffic from the same source address to a different destination 
address through a different link, depending on the rotation of path assign- 
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ments among the links in the trunk. Likewise, the switch distributes traffic for 
the same destination address but from different source addresses through 
different links. Because the amount of traffic coming from or going to various 
nodes in a network can vary widely, it is possible for one link in a trunk group 
to be fully utilized while others in the same trunk have unused bandwidth 
capacity even though the address assignments are evenly distributed across 
the links in a trunk. In actual networking environments, this is rarely a 
problem. However, if it becomes a problem, you can use the HP TopTools for 
Hubs & Switches network management software available from Hewlett- 
Packard to quickly and easily identify the sources of heavy traffic (top talkers) 
and make adjustments to improve performance. (For the Switch 2626, refer 
to the Note on page 2-6.) 


Broadcasts, multicasts, and floods from different source addresses are dis­ 
tributed evenly across the links. As links are added or deleted, the switch 
redistributes traffic across the trunk group. For example, in figure 10-14 
showing a three-port trunk, traffic could be assigned as shown in table 10-10-8. 


Switch 
Switch 


A 
W 


C 
B 


D 


1 
2 
3 


C 
C 
C 
Y 
X 


Z 


Figure 10-14. Example of Port-Trunked Network
 


Table 10-8. Example of Link Assignments in a Trunk Group (SA/DA Distribution)
 


Source: 
Destination: 
Link: 


Node A 
Node W 
1 


Node B 
Node X 
2 


Node C 
Node Y 
3 


Node D 
Node Z 
1 


Node A 
Node Y 
2 


Node B 
Node W 
3 
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Configuring Port-Based Priority for 
Incoming Packets 


Feature 
Default 
Menu 
CLI 
Web 


Assigning a priority level to traffic on the basis 
Disabled 
n/a 
page 10-37 
n/a 
of incoming port 


When network congestion occurs, it is important to move traffic on the basis 
of relative importance. However, without prioritization: 


■	 
Traffic from less important sources can consume bandwidth and slow 
down or halt delivery of more important traffic. 


■	 
Most traffic from all ports is forwarded as normal priority, and competes 
for bandwidth with all other normal-priority traffic, regardless of its 
relative importance. 


Traffic received in tagged VLAN packets carries a specific 802.1p priority level
 
(0 - 7) that the switch recognizes and uses to assign packet priority at the 
outbound port. With the default port-based priority, the switch handles traffic 
received in untagged packets as "Normal" (priority level = 0).
 


You can assign a priority level to:
 


■ 
Inbound, untagged VLAN packets
 


■ 
Inbound, tagged VLAN packets having a priority level of 0 (zero)
 


(The switch does not alter the existing priority level of inbound, tagged VLAN 
packets carrying a priority level of 1-7.)
 


Thus, for example, high-priority tagged VLAN traffic received on a port retains 
its priority in the switch. However, you have the option of configuring the port
 
to assign a priority level to untagged traffic and 0-priority tagged traffic the 
port receives.
 


The Role of 802.1Q VLAN Tagging 


An 802.1Q-tagged VLAN packet carries the packet’s VLAN assignment and the 
802.1p priority setting (0 - 7). (By contrast, an untagged packet does not have 
a tag and does not carry a priority setting.) Generally, the switch preserves 
and uses a packet’s priority setting to determine which outbound queue the 
packet belongs in on the outbound port. If the outbound port is a tagged 
member of the VLAN, the packet carries its priority setting to the next, 
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downstream device. If the outbound portis not configured as a tagged member 
of the VLAN, then the tag is stripped from the packet, which then exits from 
the switch without a priority setting. 


Outbound Port Queues and Packet Priority Settings 


Ports on the HP ProCurve switches have the following outbound port queue 
structure: 


Switch Model 
Outbound 
Port Queues 


Switch 6108 
4 


Series 5300XL Switches 
4 


Series 4100GL Switches 
3 


Series 2600 Switches 
4 


Series 2500 Switches 
2 


Switches 1600M/2400M/2424M/4000M/8000M 
2 


As shown below, these port queues map to the eight priority settings specified 
in the 802.1p standard. 


Table 10-9. Mapping Priority Settings to Device Queues 


802.1p Priority Settings Used 
In Tagged VLAN Packets 


Switches with 
3 Outbound 
Port Queues 


Queue Assignment in Downstream Devices 
With: 


4 Queues 
8 Queues 
2 Queues 


1 (low) 
Low 
1 
1 
1 


2 (low) 
Low 
1 
2 
1 


0 (normal priority) 
Normal 
2 
3 
1 


3 
ormal 
2 
4 
1 


4 
igh 
3 
5 
2 


5 
igh 
3 
6 
2 


6 
igh 
4 
7 
2 


7 (high priority) 
High 
4 
8 
2 


N 


H 


H 


H 


For example, suppose you have configured port A10 to assign a priority level 
of 1 (low): 


■	 
An untagged packet coming into the switch on port A10 and leaving the 
switch through any other port configured as a tagged VLAN member 
would leave the switch as a tagged packet with a priority level of 1. 
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■	 
A tagged packet with an 802.1p priority setting of 0 (zero) coming into the 
switch on port A10 and leaving the switch through any other port config­ 
ured as a tagged VLAN member would leave the switch as a tagged packet 
with a priority level of 1. 


■	 
A tagged packet with an 802.1p priority setting (1 - 7) coming into the 
switch on port A10 and leaving the switch through any other port config­ 
ured as a tagged VLAN member would keep its original priority setting 
(regardless of the port-based priority setting on port A10). 


Not e	 
For a packet to carry a given 802.1p priority level fromend-to-endin a network, 
the VLAN for the packet must be configured as tagged on all switch-to-switch 
links. Otherwise the tag is removed and the 802.1p priority is lost as the packet 
moves from one switch to the next. 


Operating Rules for Port-Based Priority 


These rules apply to the operation of port-based priority on the switch. 


■	 
In the switch’s default configuration, port-based priority is configured as 
"0" (zero) for inbound traffic on all ports. 


■	 
On a given port, when port-based priority is configured as 0 - 7, an 
inbound, untagged packet adopts the specified priority and is sent to the 
corresponding outbound queue on the outbound port. (See table 10-9, 
“Mapping Priority Settings to Device Queues”, on page 10-35.) If the 
outbound port is a tagged member ofthe applicable VLAN, then the packet 
carries a tag with that priority setting to the next downstream device. 


■	 
On a given port, when port-based priority is configured as 0 - 7, an 
inbound, tagged packet with a priority of 0 (zero) adopts the specified 
priority and is sent to the corresponding outbound queue on the outbound 
port. (See table 10-9, “Mapping Priority Settings to Device Queues”, on 
page 10-35.) If the outbound port is a tagged member of the applicable 
VLAN, then the packet carries a tag with that priority setting to the next 
downstream device. 


■	 
On a given port, an inbound, tagged packet received on the port with a 
preset priority of 0 - 7 in its tag keeps that priority. T and is assigned an 
outbound queue on the basis of that priority (regardless of the port-based 
priority configured on the port). (Refer to table 10-9, “Mapping Priority 
Settings to Device Queues” on page 10-35.) 


■	 
If a packet leaves the switch through an outbound port configured as an 
untagged member of the packet’s VLAN, then the packet leaves the switch 
without a VLAN tag and thus without an 802.1p priority setting. 
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■	 
Trunked ports do not allow non-default (1 - 7) port-based priority settings. 
If you configure a non-default port-based priority value on a port and then 
add the port to a port trunk, then the port-based priority for that port is 
returned to the default "0". 


Configuring and Viewing Port-Based Priority 


This command enables or disables port-based priority on a per-port basis. You 
can either enter the command on the interface context level or include the 
interface in the command. 


Syntax: interface [e] qos priority < 1 .. 7 > 


Configures a non-default port-based 802.1p priority for 
incoming, untagged packets or tagged packets arriving with 
a "0" priority on the designated ports, as described under 
"Operating Rules for Port-Based Priority", above. 


interface [e] qos priority 0 


Returns a port-based priority setting to the default "0" for 
untagged packets received on the designated port(s). In this 
state the switch handles the untagged packets with "Normal" 
priority. (Refer to table 10-9 on page 10-35.) 


show running-config 


Lists any non-default (1 - 7) port-based priority settings in 
the running-config file on a per-port basis. If the priority is 
set to the (default) "0", the setting is not included in the show 
config listing. 


show config 


Lists any non-default (1 - 7) port-based priority settings in 
the startup-config file on a per-port basis. If the priority is set 
to the (default) "0", the setting is not included in the show 
config listing. 


For example, suppose you wanted to configure ports A10 -A12 on the switch 
to prioritize all untagged, inbound VLAN traffic as "Low" (priority level = 1; 
refer to table 10-9 on page 10-35). 
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Ports A9 - A12 are now configured to 
assign a priority level of "1" (Low) to 
untagged, incoming traffic. (Any 
inbound, tagged traffic retains its 
priority level while transiting the 
switch.) 


Configures port-based 
priority on ports A9 -A12 
to "1" (Low) and saves 
the configuration 
changes to the startup­ 
config file. 


Figure 10-15. Example of Configuring Non-Default Prioritization on Untagged, Inbound Traffic 


Messages Related to Prioritization 


Message 
Meaning 


< priority-level >: Unable to create.	 
The port(s) on which you are trying to configure a qos 
priority may belong to a port trunk. Trunked ports cannot be 
configured for qos priority. 


Troubleshooting Prioritization 


Refer to “Prioritization Problems” on page C-7 in the "Troubleshooting" chap­ 
ter. 
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Using SNMP Tools To Manage the Switch 


Overview 


You can use a network management application such as HP OpenView to 
manage the switch via SNMP from a network management station. In addition, 
the switch includes support for RMON agent statistical sampling for easy-to- 
use traffic monitoring and network activity analysis. 


Not e	 
Although TopTools recognizes the Switch 2626 as an SNMP device, custom­ 
ized device management is not supported for the Switch 2626 in HP TopTools 
for hubs and switches. 


This section includes: 


■ 
An overview of SNMP management for the switch 


■	 
Configuring the switches for: 


• 
SNMP Communities (page 11-11) 


• 
Trap Receivers and Authentication Traps (page 11-17) 


■	 
Information on advanced management through RMON Support (page 
11-23) 


To implement SNMP management, the switch must have an IP address, 
configured either manually or dynamically (using DHCP or Bootp). If multiple 
VLANs are configured, each VLAN interface should have its own IP address. 
For DHCP use with multiple VLANs, see “The Primary VLAN” on page 12-6. 


Not e	 
If you use the switch’s Authorized IP Managers and Management VLAN 
features, ensure that the SNMP management station and/or the choice of 
switch port used for SNMP access to the switch are compatible with the access 
controls enforced by these features. Otherwise, SNMP access to the switch 
will be blocked. For more on Authorized IP Managers, refer to the Access 
Security Guide on the Documentation CD-ROM shipped with your switch and 
also available on the HP ProCurve web site. For information on the Manage­ 
ment VLAN feature, refer to “The Secure Management VLAN” on page 12-26. 


SNMP Management Features 


SNMP management features on the switch include: 


■ 
SNMP version 1, version 2c or version 3 over IP 
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■ 
Security via configuration of SNMP communities (page 11-3) 


■ 
Security via authentication and privacy for SNMP Version 3 access 


■ 
Event reporting via SNMP 


• 
Version 1 traps 


• 
RMON: groups 1, 2, 3, and 9 


■	 
Managing the switch with an SNMP network management tool such as HP 
OpenView 


■	 
Standard MIBs, such as the Bridge MIB (RFC 1493), Ethernet MAU MIB 
(RFC 1515), and others. 


The switch SNMP agent also uses certain variables that are included in a 
Hewlett-Packard proprietary MIB (Management Information Base) file. To 
ensure that you have the latest version in the database of your SNMP network 
management tool, you can copy the MIB file from the HP ProCurve World Wide 
Web site at: 


http://www.hp.com/go/hpprocurve 


Click on software, then MIBs. 


Configuring for SNMP Access to the Switch 


SNMP access requires an IP address and subnet mask configured on the 
switch. (See “IP Configuration” on page 8-3.) If you are using DHCP/Bootp to 
configure the switch, ensure that the DHCP/Bootp process provides the IP 
address. (See “DHCP/Bootp Operation” on page 8-12.) 


Once an IP address has been configured, the main steps for configuring SNMP 
version 1 and version 2c access management features are: 


1.	 
Configure the appropriate SNMP communities. (Refer to “SNMP Commu­ 
nities” on page 11-11.) 


2.	 
Configure the appropriate trap receivers. (Refer to “SNMP Notification 
and Traps” on page 11-17.) 


In some networks, authorized IP manager addresses are not used. In this case, 
all management stations using the correct community name may access the 
switch with the View and Access levels that have been set for that community. 
If you want to restrict access to one or more specific nodes, you can use the 
switch’s IP Authorized Manager feature. (Refer to the Access Security Guide 
for your switch.) 
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C a u t i o n 
The “public” community exists by default and is used by HP’s network man­ 
agement applications. Deleting the “public” community disables many net- 
work management functions (such as auto-discovery, traffic monitoring, 
SNMP trap generation, and threshold setting). If security for network manage­ 
ment is a concern, it is recommended that you change the write access for the 
“public” community to “Restricted”. 


Configuring for SNMP Version 3 Access to the Switch 


SNMP version 3 (SNMPv3) access requires an IP address and subnet mask 
configured on the switch. (See “IP Configuration” on page 8-3.) If you are using 
DHCP/Bootp to configure the switch, ensure that the DHCP/Bootp process 
provides the IP address. (See “DHCP/Bootp Operation” on page 8-12.) 


Once an IP address has been configured, the main steps for configuring SNMP 
version 3 access management features are: 


1.	 
Enable SNMPv3 for operation on the switch (Refer to “SNMP Version 3 
Commands” on page 11-5) 


2.	 
Configure the appropriate SNMP users (Refer to “SNMP Version 3 Users” 
on page 11-7) 


3.	 
Configure the appropriate SNMP communities. (Refer to “SNMP Commu­ 
nities” on page 11-11.) 


4.	 
Configure the appropriate trap receivers. (Refer to “SNMP Notification 
and Traps” on page 11-17.) 


In some networks, authorized IP manager addresses are not used. In this case, 
all management stations using the correct User and community name may 
access the switch with the View and Access levels that have been set for that 
community. If you want to restrict access to one or more specific nodes, you 
can use the switch’s IP Authorized Manager feature. (Refer to the Access 
Security Guide for your switch.) 
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SNMP Version 3 Commands 


SNMP version 3 (SNMPv3) adds a new command to the CLI for configuring 
SNMPv3 functions. To enable SMNPv3 operation on the switch you must: 


a.	 
Enable SNMPv3 with the snmpv3 enable command. An initial user 
entry will be generated with MD5 authentication and DES privacy. 


b.	 You may restrict access to only SNMPv3 agents with the snmpv3 only 
command. A second option would be to restrict write access to only 
SNMPv3 agents with the snmpv3 restricted-access command 


C a u t i o n 
Restricting access to only version 3 messages will make the community named 
“public” inaccessible to network management applications (such as auto- 
discovery, traffic monitoring, SNMP trap generation, and threshold setting) 
from operating in the switch. 


Syntax: [no] snmpv3 enable 


Enable and disable the switch for access from SNMPv3 
agents. This includes the creation of the a initial user record. 


[no] snmpv3 only 


Enables or disables restrictions to access from only SNMPv3 
agents. When enabled the switch will reject all non SNMPv3 
messages 


[no] snmpv3 restricted-access 


Enables or disables restrictions from all non- SNMPv3 agents 
to read only access. 


show snmpv3 enable 


Displays the operating status of SNMPv3 


show snmpv3 only 


Displays status of message reception of non-SNMPv3 
messages. 


show snmpv3 restricted-access 


Displays status of write messages of non-SNMPv3 messages. 
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SNMPv3 Enable 


The snmpv3 enable command starts a dialog that performs three functions: 
enabling the switch to receive SNMPv3 messages, configuring the initial users, 
and, optionally, to restrict non version-3 messages to “read only”. Figure 11-1 
shows and example of this dialog. 


Not e : 
For most SNMPv3 management software to be able to create new users, they
 
S N M P 
must have an initial user record clone. These records can be downgraded, 
Ve r s i o n 3 
given less features, but not upgraded with new features added. For this reason 
Ini tia l User s 
it is recommended that a second user with SHA and DES are created at the 
time you enable SNMPv3 


Enable SNMPv3 


Create initial user models for SNMPv3 
Management Applications 


Set restriction on 
non-SNMPv3 messages 


Figure 11-1. Example of SNMP version 3 Enable Command 
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SNMP Version 3 Users 


The second step to use SNMPv3 on the switch is to configure the users that 
will be assigned to different groups. To establish users on the switch: 


a.	 
Add the users to the User table. This is done with the snmpv3 user 
command. To view the users in the list you use the show snmpv3 user 
command. 


b. Assign users to Security Groups based on their security model. 


C a u t i o n 
When stacking is enabled, SNMPv3 provides security only between an 
SNMPv3 management station and the stack manager. Communications 
between the stack commander and stack members is not secure. 


Syntax:	 [no] snmpv3 user user_name [auth <md5 | sha><auth_pass>] [priv 
priv_pass] 


Add or Deletes an user entry for snmpv3. Authorization 
and Privacy are optional, but to use privacy you must 
use authorization. When deleting a user only the 
user_name is required 


[auth <md5 | sha> <auth_pass>] 


With authorization you can select either md5 
authentication or sha authentication. The auth_pass 
must be 6-32 characters in length and must be included 
when authentication is included. (Default: None) 


[priv priv_pass] 


With privacy the switch only supports DES (56-bit) 
encryption. The privacy password priv_pass must be 
6-32 characters in length and must be included when 
priv is included. (Default: None) 


[no] snmpv3 group group_name user user_name sec-model <ver1| ver2c 
| ver3> 


This command assigns or removes a user to a security 
group for access right to the with. To delete a entry all 
fields must be used. 


group group_name 


This is the group privileges that will be assigned to the 
user. For more details see “Group Access Levels” on 
page 11-10. 
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[no] snmpv3 group group_name user user_name sec-model <ver1| ver2c 
| ver3> (— Continued —) 


user user_name 


This is the user to be added to the access group. This 
must match the user name added with the snmpv3 user 
command. 


sec-model <ver1 | ver2c | ver3> 


This defines which security model to use for the added 
user. A SNMPv3 access Group should only use the ver3 
security model. 


To establish a user you must first add the user names to the list of known users. 
Add user names with the snmpv3 user CLI command. 


Add user Network Admin with no 
Authentication or 


Add user Network Mgr with 
authentication and privacy 


Privacy is used and the 
password is set privpass 


Authentication is set to Md5 
and the password is authpass 


Privacy 


Figure 11-2. Adding and showing Users for SNMPv3 
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Then you must set the group access level to the user. This is done with the 
snmpv3 group command. For more details on the MIBs access for a give group 
see “Group Access Levels” on page 11-10. 


Add NetworkAdmin to 
operator noauth group 


Add NetwrokMgr to managerpriv group 


Pre-assigned groups for 
access by Version 2c and 
version 1 management 
applications 


Figure 11-3. Assign Users to group for SNMPv3 


C a u t i o n 
Adding a user without authentication and/or privacy to a group that requires 
it will cause the user to not be able to access the switch. You should only add 
users to the group that is appropriate for their security parameters 
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Group Access Levels 


The switch supports eight predefined group access levels. There are four 
levels for use with version 3 users and four are used for access by version 2c 
or version 1 management applications. 


Group Name 
Group Access Type 
Group Read View 
Group Write View 


managerpriv 
Ver3 Must have Authentication 
ManagerReadView 
ManagerWriteView 


and Privacy 


managerauth 
Ver3 Must have Authentication 
ManagerReadView 
ManagerWriteView 


operatorauth 
Ver3 Must have Authentication 
OperatorReadView 
DiscoveryView 


operatornoauth 
Ver3 No Authentication 
OperatorReadView 
DiscoveryView 


commanagerrw 
Ver2c or Ver1 
ManagerReadView 
ManagerWriteView 


commanagerr 
Ver2c or Ver1 
ManagerReadView 
DiscoveryView 


comoperatorrw 
Ver2c or Ver1 
OperatorReadView 
OperatorReadView 


comoperatorr 
Ver2c or Ver1 
OperatorReadView 
DiscoveryView 


Each view allows you to view or modify a different set of MIBs. 


■ 
Manager Read View – access to all managed objects 


■	 
Manager Write View – access to all managed objects except the follow­ 
ing: vacmContextTable, vacmAccessTable, vacmViewTreeFamilyTable 


■	 
OperatorReadView – no access to icfSecurityMIB, hpSwitchIpTftp- 
Mode, vacmContextTable, vacmAccessTable, vacmViewTreeFami­ 
lyTable, usmUserTable, snmpCommunityTable 


■ 
Discovery View – Access limited to samplingProbe MIB. 


Not e	 
All access groups and views are predefined on the switch. There is no method 
to modify or add groups or views to those that are pre-defined on the switch. 
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SNMP Communities 


SNMP commuities are supported by the switch to allow management applica­ 
tion that use version 2c or version 1 to access the switch. The communities 
are mapped to Group Access Levels that are used for version 2c or version 1 
support. For more information see “Group Access Levels” on page 11-10. This 
mapping will happen automatically based on the communities access privi­ 
leges, but special mappings can be added with the snmpv3 community com­ 
mand. 


Syntax: [no] snmpv3 community 


This command maps or removes a mapping of a 
community name to a group access level. To remove a 
mapping you only need the index_name. 


< index < index-name >> 


This is an index number or title for the mapping. The values of 
1-5 are reserved and can not be mapped. 


< name < com-name >> 


This is the community name that is being mapped to a group 
access level 


< sec-name < security-name >> 


This is the group level that the community is being mapped. 
For more information see “Group Access Levels” on page 
11-10. 


< tag < tag-value >> 


This is used to specify which target address may have access 
via this index reference. 
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Figure 11-4 shows the assigning of the Operator community on MgrStation1 
to the CommunityOperatorReadWrite group. Any other Operator only has an 
access level of CommunityOperatorReadOnly. 


Add mapping to allow write access for 
Operator community 
MgrStation1 


Two Operator Access Levels 


on 


Figure 11-4. Assigning a Community to a Group Access Level 


Table 11-1. SNMP Community Features 


Feature 
Default 
Menu 
CLI 
Web 


show SNMP communities 
n/a 
page 
page 
— 


11-13 
11-15 


configure identity information 
none 
— 
page 
11-16 


configure community names 
public 
page 
page 
— 


MIB view for a community name 
(operator, manager) 
write access for default 


manager 


11-13 
“ 
“ 


11-16 
“ 
“ 


community name 
unrestricted 
“ 
“ 


Use SNMP communities to restrict access to the switch by SNMP management 
stations by adding, editing, or deleting SNMP communities. You can configure 
up to five SNMP communities, each with either an operator-level or a manager- 
level view, and either restricted or unrestricted write access. 


Using SNMP requires that the switch have an IP address and subnet mask 
compatible with your network. 
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C a u t i o n 
Deleting or changing the community named “public” prevents network man­ 
agement applications (such as auto-discovery, traffic monitoring, SNMP trap 
generation, and threshold setting) from operating in the switch. (Changing or 
deleting the “public” name also generates an Event Log message.) If security 
for network management is a concern, it is recommended that you change the 
write access for the “public” community to “Restricted”. 


Menu: Viewing and Configuring non-SNMP version 3 
Communities 


To View, Edit, or Add SNMP Communities: 


1. 
From the Main Menu, Select: 


2. Switch Configuration... 


6. SNMP Community Names 


Note: This screen gives 
an overview of the 
SNMP communities 
that are currently 
configured. All fields in 
this screen are read- 
only. 


Add and Edit options are 
used to modify the SNMP 
options. See figure 8-2. 


Figure 11-5. The SNMP Communities Screen (Default Values) 


2. 
Press [A] (for Add) to display the following screen: 
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If you are adding a 
community, the 
fields in this screen 
are blank. 


If you are editing an 
existing community, 
the values for the 
currently selected 
Community appear 
in the fields. 


Type the value for this field. 


Use the Space bar to select 
values for other fields 


Figure 11-6. The SNMP Add or Edit Screen 


Need Help? If you need information on the options in each field, press 
[Enter] to move the cursor to the Actions line, then select the Help option 
on the Actions line. When you are finished with Help, press [E] (for Edit) 
to return the cursor to the parameter fields. 


3.	 
Enter the name you want in the Community Name field, and use the Space 
bar to select the appropriate value in each of the other fields. (Use the 
[Tab] key to move from one field to the next.) 


4. 
Press [Enter], then [S] (for Save). 
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CLI: Viewing and Configuring SNMP Community Names 


Community Name Commands 
Page 


show snmp-server [<community-string>] 
11-15 


[no] snmp-server 
11-16 


[community <community-str>] 
11-16 


[host <community-str> <ip-addr>] 
11-21 


[<none | debug | all | not-info | critical>] 


[enable traps <authentication> 
11-22 


Listing Community Names and Values. This command lists the data for 
currently configured SNMP community names (along with trap receivers and 
the setting for authentication traps — see “SNMP Notification and Traps” on 
page 11-17). 


Syntax: 
show snmp-server [<community-string>] 


This example lists the data for all communities in a switch; that is, both the 
default HPswitch "public" community name and another community named 
"blue-team" 


Default 
Community and 
Settings 


Non-Default 
Community and 
Settings 


Trap Receiver 
Data (See page 
11-17.) 


Figure 11-7. Example of the SNMP Community Listing with Two Communities 


To list the data for only one community, such as the "public" community, use 
the above command with the community name included. For example: 


HPswitch# show snmp-server public
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Configuring Community Names and Values. The snmp-server command 
enables you to add SNMP communities with either default or specific access 
attributes, and to delete specific communities. 


Syntax: [no] snmp-server community < community-name > 


Configures a new community name. If you do not also 
specify operator or manager, the switch automatically 
assigns the community to the operator MIB view. If you 
do not specify restricted or unrestricted, the switch auto­ 
matically assigns the community to restricted (read- 
only) access. The no form uses only the < community- 
name > variable and deletes the named community from 
the switch. 


[operator | manager] 


Optionally assigns an access level. At the operator level 
the community can access all MIB objects except the 
CONFIG MIB. At the manager level the community can 
access all MIB objects. 


[restricted | unrestricted] 


Optionally assigns MIB access type. Assigning the 
restricted type allows the community to read MIB vari­ 
ables, but not to set them. Assigning the unrestricted type 
allows the community to read and set MIB variables. 


For example, to add the following communities: 


Community 
Access Level 
Type of Access 


red-team 
manager 


(Access to all MIB objects.) 


unrestricted 


(read/write) 


blue-team 
operator 
(Access to all MIB objects 
except the CONFIG MIB.) 


restricted 


(read-only) 


HPswitch(config)# snmp-server community red-team 
manager unrestricted
 


HPswitch(config)# snmp-server community blue-team 
operator restricted
 


To eliminate a previously configured community named "gold-team": 


HPswitch(config) # no snmp-server community gold-team
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SNMP Notification and Traps 


The switches covered in this guide support the SNMPv3 notification process. 
They also support version 1or version 2c traps. For more information on 
version 1or version2c traps, see “Trap Features” on page 11-19. The SNMPv3 
notification process allows for the messages passed to be authenticated and 
encrypted if you choose. To set up a SNMPv3 notification there are three steps: 


1. 
Establish a Notification with the snmpv3 notify command 


2. 
Point the notification to a Address with the snmpv3 targetaddress com­ 
mand. 


3.	 
Establish a parameter record for the target address with the snmpv3 
params command. 


Syntax: [no] snmpv3 notify < notify-name > [ tagvalue < tag-name > ] 


This adds or deletes a notification request. To remove 
a mapping you only need the notify-name. 


[no] snmpv3 targetaddress < addr-name > params < parms-name> 
< IP-Addr > 


Add or delete an address where notification messages 
are sent. 


filter < none | debug | all | not-info | critical > 


This filter messages to restrict type of messages 
transmitted to address. (Default: none) 


udp-port < port > 


This specifies the UDP port to use. (Default: 162) 


port-mask < mask > 


Used to specific a range of UDP ports. ( Default: 0) 


addr-mask < mask > 


Used to specify a range of address to transit notify 
messages. ( Default: 0) 


retries < value > 


Number times to retransmit a message when no 
response is reviewed. (Default: 3) 


timeout < value > 


How long to wait for a response for the target. ( Default: 
1500) 
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[no] snmpv3 targetaddress < addr-name > params < parms-name> 
< IP-Addr > ( — Continued — ) 


max-msg-size<size> 


The maximum number of bytes of length a message to 
this target can be. ( Default:1472) 


taglist < tag-params > 


Set list of values used to select this entry from 
snmpNotifyTable. 


[no] snmpv3 params < params-name > user < user-name > 


Add or delete a user parameter for use with target 
address. The params-name must match the parms-name 
in the targetaddress command. The user-name should be 
a User from the user table. For more information on 
users see “SNMP Version 3 Users” on page 11-7 
A complete params command must also have a sec-model 
and msg-processing entry. 


< sec-model < ver1 | ver2c | ver3 >> 


This established the security model to use for messages 
passed to the targetaddress. IF ver3 is used then the 
msg-processing must also be ver3. 


< msg-processing < ver1 | ver2c | ver3> [noaut | auth | priv > 


Establish the msg-processing for algorithm for 
messages passed to the target address. If ver3 is used 
and sec-model is ver3 then you must select a security 
services level (< noauth | auth | priv >) 


tagvalue matches taglist value. 


params value matches 
params name. 


Both ver3 means you must select a 
security service level. 


Figure 11-8. Example of SNMPv3 Configuration Session 
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Trap Features 


Feature 
Default 
Menu 
CLI 
Web 


snmp-server host (trap receiver) 
public 
—	 
page 
11-21 


— 


snmp-server enable (authentication trap) 
none 
—	 
page 
11-22 


— 


A trap receiver is a management station designated by the switch to receive 
SNMP traps sent from the switch. An authentication trap is a specialized 
SNMP trap sent to trap receivers when an unauthorized management station 
tries to access the switch. 


Not e	 
Fixed or "Well-Known" Traps: The switch automatically sends fixed traps 
(such as "coldStart", "warmStart", "linkDown", and "linkUp") to trap receivers 
using the public community name. These traps cannot be redirected to other 
communities. Thus, if you change or delete the default public community 
name, these traps will be lost. 


Thresholds: The switch automatically sends all messages resulting from 
thresholds to the network management station(s) that set the thresholds, 
regardless of the trap receiver configuration. 


In the default configuration, there are no trap receivers configured, and the 
authentication trap feature is disabled. From the CLI you can configure up to 
ten SNMP trap receivers to receive SNMP traps from the switch. As an option, 
you can also configure the switch to send Event Log messages as traps. CLI: 
Configuring and Displaying Trap Receivers 


Trap Receiver Commands 
Page 


show snmp-server 
11-20 


snmp-server host 
11-21 


<ip-addr> <community-name> 
[none | all | non-info| critical | debug] 


snmp-server enable traps authentication 
11-21 
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Using the CLI To List Current SNMP Trap Receivers. 


This command lists the currently configured trap receivers and the setting for 
authentication traps (along with the current SNMP community name data — 
see “SNMP Communities” on page 11-11). 


Syntax: show snmp-server 


Displays current community and trap receiver data. 


In the next example, the show snmp-server command shows that the switch 
has been previously configured to send SNMP traps to management stations 
belonging to the “public”, “red-team”, and “blue-team” communities. 


Example of 
Community 
Name Data (See 
page 11-11.) 


Example of Trap 
Receiver Data 


Authentication 
Trap Setting 


Figure 11-9. Example of Show SNMP-Server Listing 
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Configuring Trap Receivers. This command specifies trap receivers by 
community membership, management station IP address, and the type of 
Event Log messages to send to the trap receiver. 


Not e	 
If you specify a community name that does not exist—that is, has not yet been 
configured on the switch—the switch still accepts the trap receiver assign­ 
ment. However, no traps will be sent to that trap receiver until the community 
to which it belongs has been configured on the switch. 


Syntax: snmp-server host < community-string > < ip-address > 


Using community name and destination IP address, 
this command designates a destination network-man­ 
agement station for receiving SNMP event log messages 
from the switch. If you do not specify the event level, 
then the switch does not send event log messages as 
traps. You can specify up to 10 trap receivers (network 
management stations). 


Note: In all cases, the switch sends any threshold 
trap(s) to the network management station(s) that 
explicitly set the threshold(s). 


[<none | all | non-info | critical | debug>] 


Options for sending switch Event Log messages to a 
trap receiver. Refer toTable 11-2, “Options for Sending 
Event Log Messages as Traps,” on page 11-21. The levels 
specified with these options apply only to Event Log 
messages, and not to threshold traps. 


Table 11-2. Options for Sending Event Log Messages as Traps 


Event Level 
Description 


None (default) 
Send no log messages.
 


All 
Send all log messages.
 


Not INFO 
Send the log messages that are not information-only.
 


Critical 
Send critical-level log messages.
 


Debug 
Reserved for HP-internal use.
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For example, to configure a trap receiver in a community named "red-team" 
with an IP address of 10.28.227.130 to receive only "critical" log messages: 


HPswitch(config)# snmp-server trap-receiver red-team 10.28.227.130 
critical
 


Not e s	 
To replace one community name with another for the same IP address, you 
must use no snmp-server host < community-name> < ip-address > to delete the 
unwanted community name. Otherwise, adding a new community name with 
an IP address already in use with another community name simply creates 
two allowable community name entries for the same management station. 


If you do not specify the event level ([<none | all | non-info | critical | debug>]) 
then the switch does not send event log messages as traps. "Well-Known" traps 
and threshold traps (if configured) will still be sent. 


Using the CLI To Enable Authentication Traps 


Not e	 
For this feature to operate, one or more trap receivers must be configured on 
the switch. See “Configuring Trap Receivers” on page 11-21. 


Using the CLI To Enable Authentication Traps. 


Syntax: [no] snmp-server enable traps authentication 


Enables or disables sending an authentication trap to the 
configured trap receiver(s) if an unauthorized management 
station attempts to access the switch. 


For example: 


HPswitch(config)# snmp-server enable traps authentication
 


Check the Event Log in the console interface to help determine why the 
authentication trap was sent. (Refer to “Using Logging To Identify Problem 
Sources” on page C-21.) 
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Advanced Management: RMON 


The switch supports RMON (Remote Monitoring) on all connected network 
segments. This allows for troubleshooting and optimizing your network.
 


The following RMON groups are supported:
 


■ 
Ethernet Statistics (except the numbers of packets of different frame sizes)
 


■ 
Alarm
 


■ 
History (of the supported Ethernet statistics)
 


■ 
Event
 


The RMON agent automatically runs in the switch. Use the RMON manage­
 
ment station on your network to enable or disable specific RMON traps and 
events. 
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CDP 


CDP Features 


Feature 
Default 
Menu 
CLI 
Web 


view the switch’s CDP configuration 
n/a 
— 
page 11-31 
— 


view the switch’s CDP Neighbors table 
n/a 
— 
page 11-31 
— 


clear (reset) the CDP Neighbors table 
n/a 
— 
page 11-32 
— 


enable or disable CDP on the switch 
enabled 
— 
page 11-33 
— 


enable or disable CDP operation on an 
enabled 
— 
page 11-34 
— 


individual port 


change the transmit interval for the switch’s 
CDP packets 


60 seconds 
— 
page 11-35 
— 


change the hold time (time-to-live for CDP 
packets the switch generates) 


180 seconds 
— 
page 11-35 
— 


Introduction 


In the switches covered in this guide, CDP-v1 (Cisco Discovery Protocol, 
version 1) provides data that aids SNMP-based network mapping utilities 
designed to discover devices running CDP in a network. To make this data 
available, the switch transmits information about itself via CDP packets to 
adjacent devices, and also receives and stores information about adjacent 
devices running CDP. This enables each CDP device to receive and maintain 
identity data on each of its CDP neighbors and pass this information off to an 
SNMP utility designed to query the CDP area of the device’s MIB. 


Note 
To take advantage of CDP in the switch, you should have a working knowledge 
of SNMP operation and an SNMP utility capable of polling the switches for 
CDP data. HP’s implementation of CDP places specific data into the switch’s 
Management Information Base (MIB). However, retrieval of this data for 
network mapping is dependent on the operation of your SNMP utility. Refer 
to the documentation provided with the utility. 


An SNMP utility can progressively discover CDP devices in a network by: 
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1.	 Reading a given device’s CDP Neighbor table (in the Management Infor­ 
mation Base, or MIB) to learn about other, neighbor CDP devices 


2.	 Using the information learned in step 1 to go to and read the neighbor 
devices’ CDP Neighbors tables to learn about additional CDP devices, 
and so on 


This section describes CDP operation in the switches covered in this guide. 
For information on how touse an SNMP utility to retrieve the CDP information 
from the switch’s CDP Neighbors table (in the switch’s MIB), refer to the 
documentation provided with the particular SNMP utility. For information on 
the object identifiers in the CDP MIB, see “CDP Neighbor Data and MIB 
Objects” on page 11-37. 


CDP Terminology 


■	 
CDP Device: A switch, server, router, workstation, or other device 
running CDP. 


■	 
CDP-Aware: A device that has CDP in its operating code (with CDP 
either enabled or disabled in that device). 


■	 
CDP-Disabled: A CDP-aware device on which CDP is currently 
disabled. 


■	 
Non-CDP Device: A device that does not have CDP in its operating 
code. 


■	 
CDP Neighbor: A CDP device that is either directly connected to 
another CDP device or connected to that device by a non-CDP device, 
such as some hubs. 
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General CDP Operation 


The switch stores information about adjacent CDP devices in a CDP Neigh­ 
bors table maintained in the switch’s MIB (Management Information Base). 
This data is available to SNMP-based applications designed to read CDP data 
from the MIB. For example: 


Switch "A" 
with CDP Running 
• The Neighbors table in switches "A", "B", and "D" 
contain information on switch "C" only because 
it is the only neighbor for these switches. 


• The Neighbors table in switch "C" contains 
information on switches "A", "B", and "D" 
because all of these switches are neighbors of 
switch "C". 


Note: A given switch’s CDP Neighbor table 
includes data only on neighbor CDP devices, but 
not on that switch itself. 


CDP Neighbor Table 


Switch "C" data 


Switch "B" 
with CDP Running 


CDP Neighbor Table 


Switch "C" data 


Switch "C" 
with CDP Running 


CDP Neighbor Table 


Switch "A" data 
Switch "B" data 
Switch "D" data 


Switch "D" 
with CDP Running 


CDP Neighbor Table 


Switch "C" data 


Figure 11-10. Example of How the Switch Stores Data on Neighbor CDP Devices 


Outgoing Packets 


A switch running CDP periodically transmits a one-hop CDP packet out each 
of its ports. This packet contains data describing the switch and, if the one- 
hop destination is another device running CDP, the receiving device stores the 
sending device’s data in a CDP Neighbors table. The receiving device also 
transmits a similar one-hop CDP packet out each of its ports to make itself 
known to other CDP devices to which it is connected. Thus, each CDP device 
in the network provides data on itself to the CDP neighbors to which it is 
directly connected. However, there are instances where a packet is forwarded 
beyond the immediate neighbor, or simply dropped. 
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Switch "A" 


Switch with CDP 
Running and 
Forwarding CDP 
Packets to Down- 
stream Devices 


Switch "B" 
CDP-Aware 
Switch with 
CDP Running 


Switch "C" 


CDP-Aware 
Switch with 
CDP Disabled 


Router "Y" 


With CDP 
Disabled or 
Nonexistent 


Device "Z" 


Hub or Other 
Non-CDP 
Device 


Router "X" 


With CDP 
Running 


Accepts, but does not forward CDP 
packets describing Switch "A". Also 
transmits CDP packets describing itself 
(Switch "B") out all ports. 


Drops CDP packets describing Switch "A". 
Also does not transmit any CDP packets 
describing itself (Router "Y"). 


Forwards CDP packets from Switch "A" out 
all ports (except the port receiving the 
packets from "A") without any awareness 
of CDP operation. 


Drops CDP packets describing Switch 
"A". Also, does not transmit any CDP 
packets describing itself (Switch "C"). 


Accepts, but does not forward CDP 
packets from Switch "A". Also transmits 
CDP packets describing itself (Router "X") 
out all ports. 


Figure 11-11. Example of Outgoing CDP Packet Operation 


Incoming CDP Packets 


When a CDP-enabled switch receives a CDP packet from another CDP device, 
it enters that device’s data in the CDP Neighbors table, along with the port 
number where the data was received (and does not forward the packet). The 
switch also periodically purges the table of any entries that have expired. (The 
hold time for any data entry in the switch’s CDP Neighbors table is configured 
in the device transmitting the CDP packet, and cannot be controlled in the 
switch receiving the packet.) A switch reviews the list of CDP neighbor entries 
every three seconds, and purges any expired entries. 


Non-CDP devices such as some hubs and other devices that do not have CDP 
capability are transparent to CDP operation. (Other hubs are CDP-aware, but 
still forward CDP packets as if they were transparent to CDP operation. See 
“CDP-Capable Hubs” on page 11-40.) However, an intervening CDP-aware 
device that is CDP-disabled is not transparent. For example, in figure 11-12, 
the CDP neighbor pairs are as follows: A/1, A/2, A/3, A/B, B/C. Note that “C” 
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and “E” are not neighbors because the intervening CDP-disabled switch “D” 
does not forward CDP packets; i.e. is not transparent to CDP traffic. (For the 
same reason, switch “E” does not have any CDP neighbors.) 


CDP Switch "A" 
(CDP Running) 


CDP Neighbor Table 


Port | Data 
-------|-------------------- 
A1 
| Host 1 data 
A1 
| Host 2 data 
A1 
| Host 3 data 
A2 | Switch "B" data 


CDP Workstation "1" 
(Host 1) 
(CDP Running) 
Non-CDP Device "X" 


Such as a Non-CDP 
Hub or Switch 


CDP Workstation "2" 
(Host 2) 
(CDP Running) 
Non-CDP Device "Y" 


Such as a Non-CDP 
Hub or Switch 


CDP Workstation "3" 
(Host 3) 
(CDP Running) 


CDP Switch "B" 
(CDP Running) 


CDP Neighbor Table 


Port | Data 
-------|-------------------- 
B1 
| Switch "A" data 
B7 
| Switch "C" data 


No CDP data for Switch 
"D" because it has dis 
abled CDP operation. 


Port A1 


Port B1 


CDP Switch "C" 
(CDP Running) 


CDP Neighbor Table 


Port | Data 
-------|-------------------- 
C3 
| Switch "B" data 


Port C3 


Port B7 


CDP-Disabled Switch "D" 


(No CDP Neighbor Table) 


This switch drops CDP packets. 


CDP Switch "E" 
(CDP Running) 


CDP Neighbor Table 


Empty-No CDP 
Neighbors 


Port A2 


Port D3 


Port D17 
Port E1 


"A", "1", "2", and "3" are CDP neighbors. 
"A" and "B" are CDP neighbors. 
"B" and "C" are CDP neighbors. 


Because "D" is CDP-capable, but has 
disabled CDP, it is not a CDP neighbor 
to either "B" or "E". 


Port B5 


Figure 11-12. Example of Incoming CDP Packet Results 
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Using the example in figure 11-12, the CDP Neighbor table for switches “A” 
and “B” would appear similar to these: 


Switch A: 


Switch B: 


(Note that no CDP devices appear on port B5, which is connected to a device on which CDP is present, but disabled.) 


Figure 11-13. Example of Viewable CDP Neighbor Table for Switches “A” and “B” in Figure 11-6 


Thus, based on the CDP packets it receives, each CDP device maintains a per­ 
port data entry for each of its neighbors that are running CDP, but not for other 
CDP devices that are accessible only through a CDP neighbor. (See the 
relationship between switches A, B, and C in figure 11-12.) In other words, a 
CDP device will have data on its immediate CDP neighbors (including those 
reached through a device that is transparent to CDP), but not to other CDP 
devices in the network. 


Table 11-3. How Devices Handle Incoming CDP Packets 


Status of Device Receiving 
a CDP Packet 


Action of Receiving Device 


Running CDP 
Stores neighbor data in CDP Neighbor table. Does not forward CDP packet.
 


CDP Disabled 
Drops CDP packet. There is no CDP Neighbor table and no CDP neighbor data is stored.
 


No CDP Capability 
Forwards CDP packet out all ports except the port on which the packet was received.
 


Router Running CDP 
Stores neighbor data in CDP Neighbor table. Does not forward CDP packet.
 


Router with CDP (1) Disabled Drops CDP packet.
 
or (2) Not CDP-Capable 


Non-CDP devices (that is, devices that are not capable of running CDP) are 
transparent to CDP operation. However, an intervening CDP-aware device 
that is CDP-disabled is not transparent. For example, in figure 11-12 (page 
11-28), “B”, “D”, and “E” are not CDP neighbors because “D” (the intervening 
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CDP-disabled switch) does not forward CDP packets; i.e. is not transparent 
to CDP traffic. (For the same reason, switch “E” does not have any CDP 
neighbors.) 


Figure 11-12 (page 11-28) illustrates how multiple CDP neighbors can appear 
on a single port. In this case, switch “A” has three CDP neighbors on port 1 
because the intervening devices are not CDP-capable and simply forward CDP 
neighbors data out all ports (except the port on which the data was received). 


Default Configuration. In the factory-default configuration, CDP is 
enabled and running on all ports. In this case, the holdtime is 180 seconds and 
the timer (CDP Transmit Interval) is 60 seconds. 


Configuring CDP on the Switch 


Using CDP you can: 


■ 
View the switch’s current global and per-port CDP configuration 


■	 
List the current contents of the switch’s CDP Neighbors table (that is, 
view a listing of the CDP devices of which the switch is aware) 


■ 
Enable or disable CDP (Default: Enabled) 


■	 
Specify the hold time (CDP packet time-to-live) for CDP data deliv­ 
ered to neighboring CDP devices. For example, in CDP switch "A" you 
can specify the hold time for switch "A" entries in the CDP Neighbor 
tables of other CDP devices. (Default: 180 seconds) 


■	 
Specify the transmission interval for CDP packets. (Default: 60 
seconds) 


CLI: Viewing and Configuring CDP 


CDP Commands 
Page 


show CDP
 


show CDP neighbors
 


cdp clear
 


[no] cdp run
 


[no] cdp enable
 


cdp holdtime
 


cdp timer
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Viewing the Switch’s Current CDP Configuration 


Syntax: show cdp 


Lists the switch’s global and per-port CDP configuration. 


This example shows the default CDP configuration. 


CDP Enable/Disable on the Switch 


Packet Hold Time in CDP Neighbor Table 


Interval for Transmitting Outbound 
CDP Packets on All Ports 


Per-Port CDP Enable/Disable 


Figure 11-14. Example of Show CDP with the Default CDP Configuration 


Viewing the Switch’s Current CDP Neighbors Table 


Devices are listed by the port on which they were detected. 


Syntax: show cdp neighbors 


Lists the neighboring CDP devices the switch detects, 
with a subset of the information collected from the 
device’s CDP packet. (For more on this topic, refer to 
table 11-4, “CDP Neighbors Data” on page 11-38.) 


[ [e] port-numb [detail] ] 


Lists the CDP-aware device connected to the specified 
port. (Allows only one port at a time.) Using detail 
provides a longer list of details on the CDP-aware 
device the switch detects on the specified port. 


[detail [ [e] port-num ] ] 


Provides a list of the details for all of the CDP-aware 
devices the switch detects. Using port-num produces a 
list of details for the selected port. 


(For more on this topic, see “CDP Neighbor Data and MIB Objects” on page 
11-37.) 
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Figure 11-15 lists six CDP devices (four switches and two workstations) that 
the switch has detected by receiving their CDP packets. 


Figure 11-15. Example of CDP Neighbors Table Listing 


Figure 11-16 illustrates a topology of CDP-enabled devices for the CDP Neigh­ 
bors table listing in figure 11-15. 


HP ProCurve Switch 
Running CDP 


HP Switch 2524 


(HP J4813A: Marketing) 


0030c5-38dc59 


Management 
Workstation 


(Mgmt. NIC) 


099a05-09df9 


HP Switch 4000M 


HP J4821A: Research 


0060b0-889e43 


HP Switch 4000M 


(HP J4121A: Support) 


0060b0-761a45 


HP Switch 2512 


HP J4812A: Accounting 


0030c1-7fcc40 


Management 
Workstation 


(Mgmt. NIC) 


099a05-09df11 


Non-CDP-Capable Hub 


Figure 11-16. Example of CDP-Enabled Devices in a Topology for the Listing in Figure 11-15 


Clearing (Resetting) the CDP Neighbors Table 


Syntax: cdp clear 


Removes any records of CDP neighbor devices from the 
switch’ s CDP MIB objects. 


If you execute cdp clear and then execute show cdp neighbors before the switch 
receives a CDP packet from any neighbor device, the displayed table appears 
empty. 
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Note that the table will again list entries after the switch 
receives new CDP packets from neighboring CDP devices. 


Figure 11-17. View of the CDP Neighbors Table Immediately After Executing cdp clear 


Configuring CDP Operation 


Enabling or Disabling CDP Operation on the Switch. Enabling CDP 
operation (the default) on the switch causes the switch to: 


■	 
Transmit CDP packets describing itself to other, neighboring CDP 
devices 


■	 
Add entries to its CDP Neighbors table for any CDP packets it receives 
from other, neighboring CDP devices 


Disabling CDP operation clears the switch’s CDP Neighbors table, prevents 
the switch from transmitting outbound CDP packets to advertise itself to 
neighboring CDP devices, and causes the switch to drop inbound CDP packets 
from other devices without entering the data in the CDP Neighbors table. 


Syntax: [no] cdp run 


Enables or disables CDP operation on the switch. (Default: 
Enabled) 


For example, to disable CDP on the switch: 


HPswitch(config) no cdp run
 


When CDP is disabled:
 


■ 
show cdp neighbors displays an empty CDP Neighbors table
 


■ 
show cdp displays 


Global CDP information 
Enable CDP [Yes]: No 
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Enabling or Disabling CDP Operation on Individual Ports. In the 
factory-default configuration, the switch has all ports enabled and transmit­ 
ting CDP packets. Disabling CDP on a port prevents that port from sending 
outbound CDP packets and causes it to drop inbound CDP packets without 
recording their data in the CDP Neighbors table. Suppose, for example, that 
switches “A” and “B” in figure 11-18 (below) are running CDP, and that port 
A1 on switch “A” is connected to port B5 on switch “B”. If you disable CDP on 
port A1 of switch “A”, then switch “B” will no longer receive CDP packets from 
switch “A” and switch “A” will drop the CDP packets it receives from switch 
“B”. 


Switch "A" 
CDP Enabled on Port A1 


CDP Neighbor Table 


Port | Data 
------|------------------ 
A1 | Switch "B" data 


Switch "B" 
CDP Enabled on Port B5 


CDP Neighbor Table 


Port | Data 
------|------------------ 
B5 | Switch "A" data 


CDP Enabled on both 
ends of the link between 
"A" and "B". 


Port A1 


Port B5 


Switch "A" 
CDP Disabled on Port A1 


CDP Neighbor Table 


-Empty for port A1- 


Switch "B" 
CDP Enabled on Port B5 


CDP Neighbor Table 


- Empty for Port B5 - 


CDP disabled on port A1 
of switch "A" (but 
enabled on port B5 of 
switch "B". 


Port A1 


Port B5 


Figure 11-18. Example of Disabling CDP on an Individual Port 


(The switch "A" entry in the switch "B" CDP Neighbors table remains until the 
cdp holdtime (time-to-live; set in switch "B") expires. Until then, the show cdp 
neighbors command continues to list switch "A" on port B5 of switch "B".) 


Syntax: 
[no] cdp enable < [e] port-list > 


For example, to disable CDP on port A1: 


HPswitch(config) no cdp enable a1
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Changing the Transmission Interval for Outbound CDP Packets. 


Syntax: cdp timer < 5 . . 254 > 


Changes the interval the switch uses to transmit CDP packets 
describing itself to neighbor devices. (Default: 60 seconds) 


For example, if the switch’s transmit interval for CDP packets was set to a 
non-default value, you would use this command to reset it to one minute: 


HPswitch(config) cdp timer 60
 


Changing the Hold Time (CDP Packet Time-To-Live) for a Switch’s 
CDP Packet Information. This parameter is controlled in the transmitting 
switch, and applies to all outbound CDP packets the switch transmits. 


Syntax: cdp holdtime < 5 . . 254 > 


Changes the hold time for the switch’s CDP packet informa­ 
tion in the CDP Neighbors table of another CDP-aware 
device. (Default: 180 seconds; Range: 10 - 255 seconds.) 


For example, to configure a switch’s outbound CDP packets to live for one 
minute in the CDP Neighbors table of neighboring CDP devices: 


HPswitch(config) cdp holdtime 60
 


Effect of Spanning Tree (STP) On CDP Packet 
Transmission 


If STP has blocked a port on the switch, that port does not transmit CDP 
packets. However, the port stillreceives CDP packets ifthe device on the other 
end of the link has CDP enabled. Thus, for example, if switch "A" has two ports 
linked to switch "B" (which is a CDP neighbor and also the STP root device) 
and STP blocks traffic on one port and forwards traffic on the other: 
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Switch "A" 
CDP Enabled 


CDP Neighbor Table 


Port | Data 
------|------------------ 
A3 | Switch "B"data 


C5 | Switch "B" data 


Switch "B" 
CDP Enabled 


STP Root Device 


CDP Neighbor Table 


Port | Data 
------|------------------ 
B1 | Switch "A" data 


STP block on port C5 of switch "A" blocks 
outbound transmission of CDP packets from 
switch "A", but does not block inbound 
packets to switch "A" from switch "B". 


Port A3 


Port C5 


CDP Packets from Switch "A" to Switch "B" 


Port B1 


Port D8 


CDP Packets from 
Switch "B" to Switch "A" 


Figure 11-19. Example of STP Effect on CDP Packet Transmission 


■	 
Switch "A" sends outbound CDP packets on the forwarding link, and 
the switch "B" CDP Neighbors table shows switch "A" on only one 
port. 


■	 
Switch "B" sends outbound CDP packets on both links, and the switch 
"A" CDP Neighbors table shows switch "B" on both ports. 


To summarize, in a CDP neighbor pair running STP with redundant links, if 
one of the switches is the STP root, it transmits CDP packets out all ports 
connecting the two switches, while the other switch transmits CDP packets 
out only the unblocked port. Thus, the STP root switch will appear on multiple 
ports in the non-root switch’s CDP Neighbors table, while the non-root switch 
will appear on only one port in the root switch’s CDP Neighbors table. 


How the Switch Selects the IP Address To Include in 
Outbound CDP Packets 


A switch with CDP enabled uses the following prioritized criteria to determine 
which IP address to include in its outbound CDP packets: 


1.	 If only one VLAN on the port has an IP address, the switch uses that IP 
address. 


2.	 If the Primary VLAN on the port has an IP address, the switch uses the 
Primary VLAN IP address. 


3.	 If 1 and 2 do not apply, then the switch determines which VLANs on the 
port have IP addresses and uses the IP address of the VLAN with the 
lowest VID (VLAN Identification number) in this group. 
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4.	 If a CDP switch does not detect an IP address on the connecting port of 
a CDP neighbor, then the loopback IP address is used (127.0.0.1). 


For example, in figure 11-20, port A1 on CDP switch “X” is connected to port 
C5 on CDP neighbor switch “Y”, with the indicated VLAN configuration on 
port C5: 


Switch "X" 
CDP Enabled on Port A1 


CDP Neighbor Table 


Port | Data 
------|------------------ 
A1 
| 10.28.227.103 


Switch "Y" 
CDP Enabled on Port C5 


CDP Neighbor Table 


Port | Data 
------|------------------ 
C5 | Switch "X" data 


Port A1 


Port C5 


VLAN Membership in Port C5 of Switch "Y" VID 
IP Address? 


DEFAULT_VLAN (Primary VLAN) 
1 
No 


Blue_VLAN 
200 
10.28.227.103 


Red VLAN 
300 
10.28.227.88 


Thus, CDP switch "X" detects CDP switch "Y" on port A1 and shows 10.28.227.103 in its CDP table entry because in CDP switch "Y" the 
Primary VLAN does not have an IP address and the Blue_VLAN has a lower VID than the Red_VLAN. 


Figure 11-20. Example of IP Address Selection when a CDP Neighbor Has Multiple VLANs with IP 
Addresses 


CDP Neighbor Data and MIB Objects 


The switch places the data received from inbound CDP packets into its MIB 
(Management Information Base). This data is available in three ways: 


■	 
Using the switch’s show cdp neighbors command to display a subset of 
Neighbor data 


■ 
Using the walkmib command to display a listing of the CDP MIB objects 


■	 
Electronically, using an SNMP utility designed to search the MIB for 
CDP data 


As shown under “Viewing the Switch’s Current CDP Neighbors Table” on page 
11-31, you can list a subset of data for each CDP device currently found in the 
switch’s CDP Neighbors table. Table 11-4, “CDP Neighbors Data”, describes 
the CDP Neighbor data set available in the switch. 
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Table 11-4. CDP Neighbors Data 


CDP Neighbor Data 
Displayed 
Neighbors 
Table 


MIB 


Address Type
 


CDP Cache Address
 


Software Version
 


Device Name (ASCII string)
 


Device MAC Address
 


Destination Port Number
 


Source Port Number
 


Product Name (ASCII string)
 


Capability Code (Device Type)
 


No 
Yes 


No 
Yes 


Yes 
Yes 


Yes 
Yes 


Yes 
Yes 


Yes 
Yes 


No 
Yes 


Yes 
Yes 


Yes 
Yes 


(alpha 
(numeric 
character) 
character) 


Always "1" (IP address only). 


IP address of source device. 


ASCII String 


In HP ProCurve switches, this is the value configured for 
the System Name parameter. 


Included in the Device Name entry. 


On the switch itself (the receiving device), the number of 
the port through which the CDP packet arrived. 


On the source (neighbor) device, the number of the port 
through which the CDP packet was sent. 


Platform name designated by vendor. 


1 or R: Router 
2: Transparent Bridge
 
4 or B: Source Route Bridge
 
8 or S: Switch
 
16 or H: Host
 
32 or I: IGMP conditional filtering
 
64 or r: Repeater
 


Displaying CDP Neighbor Data. 


Syntax: walkmib CdpCacheEntry 


Displays the superset of CDP neighbor held in the MIB. 


For example, with two CDP devices connected to ports A1 and A3 on the 
switch, you would see a walkmib listing similar to this: 
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The first number after the MIB string is the switch port on 
which the data point for that entry was received. In this 
case, the switch CDP packets on ports A1 and A3. (For CDP 
purposes, port numbering is consecutive, from 1 to n, 
where n is the last consecutive port on the switch.) 


CDP MIB data is 
grouped by type. 
That is, the 
Address Types 
for all detected 
CDP devices are 
listed first, then 
the IP 
addressesof the 
source devices, 
and so on. 


Figure 11-21. Example of CDP Neighbor Data 


For the current switch MIB, go to the HP ProCurve World Wide Web site at: 


http://ww.hp.com/go/hpprocurve 


Click on software, then MIBs. 


Operating Notes 


Neighbor Maximum. The switch supports up to 60 entries (neighbors) in the 
CDP Neighbors table. Remember that multiple CDP devices can be neighbors 
on the same port if they are connected to the switch through a non-CDP device. 


CDP Version Data. The switch uses CDP-V1, but do not include IP prefix 
information, which is a router function; not a switch application. 


Port Trunking with CDP. Where a static or LACP trunk forms the link 
between the switch and another CDP device, only one physical link in the 
trunk is used to transmit outbound CDP packets. 
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CDP-Capable Hubs. Some hubs are capable of running CDP, but also 
forward CDP packets as if the hub itself were transparent to CDP. Such hubs 
will appear in the switch’s CDP Neighbor table and will also maintain a CDP 
neighbor table similar to that for switches. For more information, refer to the 
documentation provided for the specific hub. 


Troubleshooting CDP Operation. Turn to “Using Logging To Identify 
Problem Sources” on page C-21. 
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Overview 


Overview 


This chapter describes the following features and how to configure them with 
the switch’s built-in interfaces: 


■ 
Port-Based VLANs — Page 12-3: 


■ 
GVRP — Page 12-33: 


For general information on how to use the switch’s built-in interfaces, see:
 


■ 
Chapter 3, “Using the Menu Interface”
 


■ 
Chapter 4, “Using the Command Line Interface (CLI)”
 


■ 
Chapter 5, “Using the HP Web Browser Interface
 


■ 
Chapter 6, “Switch Memory and Configuration”
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Port-Based Virtual LANs (Static VLANs) 


Port-Based Virtual LANs (Static VLANs) 


VLAN Features 


Feature 
Default 
Menu 
CLI 
Web 


view existing VLANs n/a 
page 12-10 page 12-16 page 12-21 
thru 12-15 


configuring static 
VLANs 


default VLAN with 
VID = 1 


page 12-10 
thru 12-15 


page 12-15 page 12-21 


configuring dynamic 
VLANs 


disabled 
See “GVRP” on page 12-33. 


A VLAN is a group of ports designated by the switch as belonging to the same 
broadcast domain. (That is, all ports carrying traffic for a particular subnet 
address would normally belong to the same VLAN.) 


Not e	 
This section describes static VLANs, which are VLANs you manually configure 
with a name, VLAN ID (VID), and port assignments. (For information on 
dynamic VLANs, see “GVRP” on page 12-33.) 


Using a VLAN, you can group users by logical function instead of physical 
location. This helps to control bandwidth usage by allowing you to group high- 
bandwidth users on low-traffic segments and to organize users from different 
LAN segments according to their need for common resources. 


By default, 802.1Q VLAN support is enabled. They allow up to 30 port-based 
VLANs (default: 8). (The 802.1Q compatibility enables you to assign each 
switch port to multiple VLANs, if needed, and the port-based nature of the 
configuration allows interoperation with older switches that require a sepa­ 
rate port for each VLAN.) 


General Use and Operation. Port-based VLANs are typically used to 
reduce broadcast traffic and to increase security. A group of network users 
assigned to a VLAN forms a broadcast domain that is separate from other 
VLANs that may be configured on a switch. On a given switch, packets are 
forwarded only between ports that are designated for the same VLAN. Thus, 
all ports carrying traffic for a particular subnet address should be configured 
to the same VLAN. Cross-domain broadcast traffic in the switch is eliminated 
and bandwidth is saved by not allowing packets to flood out all ports. An 
external router is required to enable separate VLANs on a switch to commu­ 
nicate with each other. 
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For example, referring to figure 12-1, if ports A1 through A4 belong to VLAN_1 
and ports A5 through A8 belong to VLAN_2, traffic from end-node stations on 
ports A2 through A4 is restricted to only VLAN_1, while traffic from ports A5 
through A7 is restricted to only VLAN_2. For nodes on VLAN_1 to communi­ 
cate with VLAN_2, their traffic must go through an external router via ports 
A1 and A8. 


External 
Router 


VLAN_2 


VLAN_1 


Port A1 


Port A8 


Port A2 
Port A3 
Port A4 


Port A5 
Port A6 
Port A7 


Switch with Two 
VLANs Configured 


Figure 12-1. Example of Routing Between VLANs via an External Router 


Overlapping (Tagged) VLANs. A port on the switch can be a member of 
more than one VLAN if the device to which it is connected complies with the 
802.1Q VLAN standard. For example,a port connectedto acentral server using 
a network interface card (NIC) that complies with the 802.1Q standard can be 
a member of multiple VLANs, allowing members of multiple VLANs to use the 
server. Although these VLANs cannot communicate with each other through 
the server, they can all access the server over the same connection from the 
switch. Where VLANs overlap in this way, VLAN “tags” are used to distinguish 
between traffic from different VLANs. 
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HP ProCurve Switch 


Figure 12-2. Example of Overlapping VLANs Using the Same Server 


Similarly, using 802.1Q-compliant switches, you can connect multiple VLANs 
through a single switch-to-switch link. 


HP 
ProCurve 
Switch 


HP 
ProCurve 
Switch 


Figure 12-3. Example of Connecting Multiple VLANs Through the Same Link 


Introducing Tagged VLAN Technology into Networks Running Legacy 
(Untagged) VLANs. You can introduce 802.1Q-compliant devices into net- 
works that have built untagged VLANs based on earlier VLAN technology. The 
fundamental rule is that legacy/untagged VLANs require a separate link for 
each VLAN, while 802.1Q, or tagged VLANs can combine several VLANs in one 
link. This means that on the 802.1Q-compliant device, separate ports (config­ 
ured as untagged) must be used to connect separate VLANs to non-802.1Q 
devices. 
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HP 
ProCurve 
Switch 


HP 
ProCurve 
Switch 


Untagged VLAN Links 


Tagged VLAN 
Link 


Figure 12-4. Example of Tagged and Untagged VLAN Technology in the Same 
Network 


For more information on VLANs, refer to:
 


■ 
“Overview of Using VLANs” (page 12-6)
 


■ 
“Menu: Configuring VLAN Parameters (page 12-10)
 


■ 
“CLI: Configuring VLAN Parameters” (page 12-10)
 


■ 
“Web: Viewing and Configuring VLAN Parameters” (page 12-21)
 


■ 
“VLAN Tagging Information” (page 12-22)
 


■ 
“Effect of VLANs on Other Switch Features” (page 12-30)
 


■ 
“VLAN Restrictions” (page 12-31)
 


Overview of Using VLANs 


VLAN Support and the Default VLAN 


In the factory default configuration, all ports on the switch belong to the 
default VLAN (named DEFAULT_VLAN). This places all ports in the switch 
into one physical broadcast domain. In the factory-default state, the default 
VLAN is the primary VLAN. 


You can partition the switch into multiple virtual broadcast domains by adding 
one or more additional VLANs and moving ports from the default VLAN to the 
new VLANs. (The switch supports up to 30 VLANs.) You can change the name 
of the default VLAN, but you cannot change the default VLAN’s VID (which is 
always “1”). Although you can remove all ports from the default VLAN, this 
VLAN is always present; that is, you cannot delete it from the switch. 


The Primary VLAN 


Because certain features and management functions, such as single IP- 
address stacking, run on only one VLAN in the switch, and because DHCP and 
Bootp can run per-VLAN, there is a need for a dedicated VLAN to manage these 
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features and ensure that multiple instances of DHCP or Bootp on different 
VLANs do not result in conflicting configuration values for the switch. The 
primary VLAN is the VLAN the switch uses to run and manage these features 
and data. In the factory-default configuration, the switch designates the 
default VLAN (DEFAULT_VLAN) as the primary VLAN. However, to provide 
more control in your network, you can designate another VLAN as primary. 
To summarize, designating a non-default VLAN as primary means that: 


■	 
The stacking feature runs on the switch’s designated primary VLAN 
instead of the default VLAN 


■	 
The switch reads DHCP responses on the primary VLAN instead of on the 
default VLAN. (This includes such DHCP-resolved parameters as the 
TimeP server address, Default TTL, and IP addressing—including the 
Gateway IP address—when the switch configuration specifies DHCP as 
the source for these values.) 


■	 
The default VLAN continues to operate as a standard VLAN (except, as 
noted above, you cannot delete it or change its VID). 


■	 
Any ports not specifically assigned to another VLAN will remain assigned 
to the Default VLAN, regardless of whether it is the primary VLAN. 


Candidates for primary VLAN include any static VLAN currently configured 
on the switch. (A dynamic—GVRP-learned—VLAN that has not been con­ 
verted to a static VLAN cannot be the primary VLAN.) To display the current 
primary VLAN, use the CLI show vlan command. 


Not e	 
If you configure a non-default VLAN as the primary VLAN, you cannot delete 
that VLAN unless you first select a different VLAN to act as primary. 


If you manually configure a gateway on the switch, it will ignore any gateway 
address received via DHCP or Bootp. 
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Per-Port Static VLAN Configuration Options 


The following figure and table show the options you have for assigning 
individual ports to a static VLAN. Note that GVRP, if configured, affects these 
options and VLAN behavior on the switch. The display below shows the per- 
port VLAN configuration options. Table 12-1 briefly describes these options. 


Example of Per-Port 
VLAN Configuration 
with GVRP Disabled 
(the default) 


Example of Per-Port 
VLAN Configuration 
with GVRP Enabled 


Enabling GVRP causes “No” to display as “Auto”. 


Figure 12-1. Comparing Per-Port VLAN Options With and Without GVRP 


Table 12-1. Per-Port VLAN Configuration Options 


Parameter 
Effect on Port Participation in Designated VLAN 


Tagged 
Allows the port to join multiple VLANs. 


Untagged	 
Allows VLAN connection to a device that is configured for an untagged 
VLAN instead of a tagged VLAN. The switch allows no more than one 
untagged VLAN assignment per port. 


No 
No: Appears when the switch is not GVRP-enabled; prevents the port from 
- or - 
joining that VLAN. 


Auto	 
Auto: Appears when GVRP is enabled on the switch; allows the port to 
dynamically join any advertised VLAN that has the same VID 


Forbid	 
Prevents the port from joining the VLAN, regardless of whether GVRP is 
enabled on the switch. 
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General Steps for Using VLANs 


1.	 
Plan your VLAN strategy and create a map of the logical topology that will 
result from configuring VLANs. Include consideration for the interaction 
between VLANs and other features such as Spanning Tree Protocol, load 
balancing, and IGMP. (Refer to “Effect of VLANs on Other Switch Fea­ 
tures” on page 12-30.) If you plan on using dynamic VLANs, include the 
port configuration planning necessary to support this feature. (See 
“GVRP” on page 12-33.) 


By default, VLAN support is enabled and the switch is configured for eight 
VLANs. 


2. 
Configure at least one VLAN in addition to the default VLAN. 


3. 
Assign the desired switch ports to the new VLAN(s). 


4.	 
If you are managing VLANs with SNMP in an IP network, each VLAN must 
have an IP address. Refer to “IP Configuration” on page 8-3. 


VLAN Operating Notes 


■ 
If you are using DHCP/Bootp to acquire the switch’s configuration, packet 
time-to-live, and TimeP information, you must designate the VLAN on 
which DHCP is configured for this purpose as the primary VLAN. (In the 
factory-default configuration, the DEFAULT_VLAN is the primary VLAN.) 


■ 
IGMP, and some other features operate on a “per VLAN” basis. This means 
you must configure such features separately for each VLAN in which you 
want them to operate. 


■ 
You can rename the default VLAN, but you cannot change its VID (1) or 
delete it from the switch. 


■ 
Any ports not specifically assigned to another VLAN will remain assigned 
to the DEFAULT_VLAN. 


■ 
To delete a VLAN from the switch, you must first remove from that VLAN 
any ports assigned to it. 


■ 
Changing the numberof VLANs supported on the switch requires a reboot. 
Other VLAN configuration changes are dynamic. 


12-9 


Port-Based Virtual LANs (VLANs) and GVRP 
Port-Based Virtual LANs (Static VLANs) 


Menu: Configuring VLAN Parameters 


In the factory default state, support is enabled for up to eight VLANs. (You can 
change the switch VLAN configuration to support up to 30 VLANs.) Also, all 
ports on the switch belong to the default VLAN (DEFAULT_VLAN) and are in 
the same broadcast/multicast domain. (The default VLAN is also the default 
primary VLAN—see “The Primary VLAN” on page 12-6.) In addition to the 
default VLAN, you can configure up to 29 other static VLANs by changing the 
“Maximum VLANs” parameter, adding new VLAN names and VIDs, and then 
assigning one or more ports to each VLAN. (The switch accepts a maximum 
of 30 VLANs, including the default VLAN and any dynamic VLANs the switch 
creates if you enable GVRP—page 12-33.) Note that each port can be assigned 
to multiple VLANs by using VLAN tagging. (See “VLAN Tagging Information” 
on page 12-22.) 


To Change VLAN Support Settings 


This section describes: 


■ 
Changing the maximum number of VLANs to support 


■ 
Changing the primary VLAN selection (See “Changing the Primary VLAN” 
on page 12-18.) 


■ 
Enabling or disabling dynamic VLANs (See “GVRP” on page 12-33.) 


1. 
From the Main Menu select: 


2. Switch Configuration 


8. VLAN Menu . . . 


1. VLAN Support 


You will then see the following screen: 


Figure 12-5. The Default VLAN Support Screen 


2. 
Press [E] (for Edit), then do one or more of the following: 
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■ 
To change the maximum number of VLANs, type the new number (1 - 30 
allowed; default 8). 


■ 
To designate a different VLAN as the primary VLAN, select the Primary 
VLAN field and use the space bar to select from the existing options. 


■ 
To enable or disable dynamic VLANs, select the GVRP Enabled field and 
use the Space bar to toggle between options. (For GVRP information, see 
“GVRP” on page 12-33.) 


Not e	 
For optimal switch memory utilization, set the number of VLANs at the 
number you will likely be using or a few more. If you need more VLANs later, 
you can increase this number, but a switch reboot will be required at that time. 


3.	 
Press [Enter] and then [S] to save the VLAN support configuration and return 
to the VLAN Menu screen. 


If you changed the value for Maximum VLANs to support, you will see an 
asterisk next to the VLAN Support option (see below). 


An asterisk indicates 
you must reboot the 
switch to implement 
the new Maximum 
VLANs setting. 


Figure 12-6. VLAN Menu Screen Indicating the Need To Reboot the Switch 


–	 
If you changed the VLAN Support option, you must reboot the 
switch before the Maximum VLANs change can take effect. You 
can go on to configure other VLAN parameters first, but remem­ 
ber to reboot the switch when you are finished. 


–	 
If you did not change the VLAN Support option, a reboot is not 
necessary. 


4. 
Press [0] to return to the Main Menu. 
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Adding or Editing VLAN Names 


Use this procedure to add a new VLAN or to edit the name of an existing VLAN. 


1. 
From the Main Menu select: 


2. Switch Configuration 


8. VLAN Menu . . . 


2. VLAN Names 


If multiple VLANs are not yet configured you will see a screen similar to 
figure 12-7: 


Default VLAN 
and VLAN ID 


Figure 12-7. The Default VLAN Names Screen 


2.	 
Press [A] (for Add). You will then be prompted for a new VLAN name and 
VLAN ID: 


802.1Q VLAN ID : 1 
Name : _ 


3.	 
Type in a VID (VLAN ID number). This can be any number from 2 to 4094 
that is not already being used by another VLAN. (The switch reserves “1” 
for the default VLAN.) 


Remember that a VLAN must have the same VID in every switch in which 
you configure that same VLAN. (GVRP dynamically extends VLANs with 
correct VID numbering to other switches. See “GVRP” on page 12-33.) 


4.	 
Press [v] to move the cursor to the Name line and type the VLAN name (up 
to 12 characters, with no spaces) of a new VLAN that you want to add, 
then press [Enter]. 
(Avoid these characters in VLAN names: 2, #, $, ^, &, *, (, and ).) 


5.	 
Press [S] (for Save). You will then see the VLAN Names screen with the 
new VLAN listed. 
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Example of a New 
VLAN and ID 


Figure 12-8. Example of VLAN Names Screen with a New VLAN Added 


6. 
Repeat steps 2 through 5 to add more VLANs. 


Remember that you can add VLANs until you reach the number specified 
in the Maximum VLANs to support field on the VLAN Support screen (see 
figure 12-5 on page 12-10). This includes any VLANs added dynamically 
due to GVRP operation. 


7.	 
Return to the VLAN Menu to assign ports to the new VLAN(s) as described 
in the next section, “Adding or Changing a VLAN Port Assignment”. 


Adding or Changing a VLAN Port Assignment 


Use this procedure to add ports to a VLAN or to change the VLAN assign­ 
ment(s) for any port. (Ports not specifically assigned to a VLAN are automat­ 
ically in the default VLAN.) 


1. 
From the Main Menu select: 


2. Switch Configuration 


8. VLAN Menu . . . 


3. VLAN Port Assignment 


You will then see a VLAN Port Assignment screen similar to the following: 
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Default: In this example, 
the “VLAN-22” has been 
defined, but no ports 
have yet been assigned 
to it. (“No” means the 
port is not assigned to 
that VLAN.) 
Using GVRP? If you plan 
on using GVRP, any 
ports you don’t want to 
join should be changed 
to “Forbid”. 


A port can be assigned 
to several VLANs, but 
only one of those 
assignments can be 
“Untagged”. 


Figure 12-9. Example of VLAN Port Assignment Screen 


2. 
To change a port’s VLAN assignment(s): 


a. 
Press [E] (for Edit). 


b. Use the arrow keys to select a VLAN assignment you want to change. 


c.	 
Press the Space bar to make your assignment selection (No, Tagged, 
Untagged, or Forbid). 


Not e	 
For GVRP Operation: If you enable GVRP on the switch, “No” 
converts to “Auto”, which allows the VLAN to dynamically join an 
advertised VLAN that has the same VID. See “Per-Port Options for 
Dynamic VLAN Advertising and Joining” on page 12-38. 


Untagged VLANs: Only one untagged VLAN is allowed per port. Also, 
there must be at least one VLAN assigned to each port. In the factory 
default configuration, all ports are assigned to the default VLAN 
(DEFAULT_VLAN). 


For example, if you want ports A4 and A5 to belong to both 
DEFAULT_VLAN and VLAN-22, and ports A6 and A7 to belong only to 
VLAN-22, you would use the settings in figure page 12-15. (This example 
assumes the default GVRP setting—disabled—and that you do not plan 
to enable GVRP later.) 
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Ports A4 and A5 are 
assigned to both 
VLANs. 


Ports A6 and A7 are 
assigned only to 
VLAN-22. 


All other ports are 
assigned only to the 
Default VLAN. 


Figure 12-10. Example of VLAN Assignments for Specific Ports 


For information on VLAN tags (“Untagged” and “Tagged”), refer to 
“VLAN Tagging Information” on page 12-22. 


d.	 If you are finished assigning ports to VLANs, press [Enter] and then [S] 
(for Save) to activate the changes you've made and to return to the 
Configuration menu. (The console then returns to the VLAN menu.) 


3. 
Return to the Main menu. 


CLI: Configuring VLAN Parameters 


In the factory default state, all ports on the switch belong to the default VLAN 
(DEFAULT_VLAN) and are in the same broadcast/multicast domain. (The 
default VLAN is also the default primary VLAN—see “The Primary VLAN” on 
page 12-6.) You can configure up to 29 additional static VLANs by adding new 
VLAN names, and then assigning one or more ports to each VLAN. (The switch 
accepts a maximum of 30 VLANs, including the default VLAN and any dynamic 
VLANs the switch creates if you enable GVRP—page 12-33.) Note that each 
port can be assigned to multiple VLANs by using VLAN tagging. (See “VLAN 
Tagging Information” on page 12-22.) 
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VLAN Commands Used in this Section 


show vlans 


show vlan <vlan-id> 


max-vlans <1..30> 


primary-vlan <vlan-id> 


[no] vlan <vlan-id> 


name <vlan-name> 


[no] tagged <port-list> 


[no] untagged <port-list> 


[no] forbid 


auto <port-list> 


static-vlan <vlan-id> 


below
 


page 12-17
 


page 12-18
 


page 12-18
 


page 12-19
 


page 12-20
 


page 12-20
 


page 12-20
 


page 12-20
 


page 12-20 (Available if GVRP enabled.)
 


page 12-19 (Available if GVRP enabled.)
 


Displaying the Switch’s VLAN Configuration. The next command lists 
the VLANs currently running in the switch, with VID, VLAN name, and VLAN 
status. Dynamic VLANs appear only if the switch is running with GVRP 
enabled and one or more ports has dynamically joined an advertised VLAN. 
(In the default configuration, GVRP is disabled. (See “GVRP” on page 12-33.) 


Syntax: 
show vlan 


When GVRP is disabled 
(the default), Dynamic 
VLANs do not exist on 
the switch and do not 
appear in this listing. 
(See “GVRP” on 
page 12-33.) 


Figure 12-11. Example of “Show VLAN” Listing (GVRP Enabled) 
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Displaying the Configuration for a Particular VLAN . This command 
uses the VID to identify and display the data for a specific static or dynamic 
VLAN. 


Syntax: 
show vlan <vlan-id> 


Figure 12-12. Example of “Show VLAN” for a Specific Static VLAN 


Show VLAN lists this 
data when GVRP is 
enabled and at least 
one port on the switch 
has dynamically 
joined the designated 
VLAN. 


Figure 12-13. Example of “Show VLAN” for a Specific Dynamic VLAN 
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Changing the Number of VLANs Allowed on the Switch. By default, 
the switch allows a maximum of 8 VLANs. You can specify any value from 1 
to 30. (If GVRP is enabled, this setting includes any dynamic VLANs on the 
switch.) As part of implementing a new value, you must execute a write 
memory command (to save the new value to the startup-config file) and then 
reboot the switch. 


Syntax: 
max-vlans <1 .. 30> 


For example, to reconfigure the switch to allow 10 VLANs: 


Note that you can 
execute these 
three steps at 
another time. 


Figure 12-14. Example of Command Sequence for Changing the Number of VLANs 


Changing the Primary VLAN. In the factory-default configuration, the 
default VLAN (DEFAULT_VLAN) is the primary VLAN. However, you can 
designate any static VLAN on the switch as the primary VLAN. (For more on 
the primary VLAN, see “The Primary VLAN” on page 12-6.) To view the 
available VLANs and their respective VIDs, use show vlan. 


Syntax: 
primary-vlan <vlan-id> 


For example, to make VLAN 22 the primary VLAN: 


HPswitch(config)# primary-vlan 22
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Creating a New Static VLAN 
Changing the VLAN Context Level. 


With this command, entering a new VID creates a new static VLAN. Entering 
the VID or name of an existing static VLAN places you in the context level for 
that VLAN. 


Syntax: 
vlan <vlan-id> [name <name-str>] 
Creates a new static VLAN if a VLAN with that VID does not 
already exist, and places you in that VLAN’s context level. If 
you do not use the name option, the switch uses “VLAN” and 
the new VID to automatically name the VLAN. If the VLAN 
already exists, the switch places you in the context level for 
that VLAN. 


vlan <vlan-name> 
Places you in the context level for that static VLAN. 


For example, to create a new static VLAN with a VID of 100: 


Creating the new VLAN. 


Showing the result. 


Figure 12-15. Example of Creating a New Static VLAN 


To go to a different VLAN context level, such as to the default VLAN: 


HPswitch(vlan-100)# vlan default_vlan
 
HPswitch(vlan-1) _
 


Converting a Dynamic VLAN to a Static VLAN. If GVRP is running on 
the switch and a port dynamically joins a VLAN, you can use the next 
command to convert the dynamic VLAN to a static VLAN. (For GVRP and 
dynamic VLAN operation, see “GVRP” on page 12-33.) This is necessary if you 
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want to make the VLAN permanent. After you convert a dynamic VLAN to 
static, you must configure the switch’s per-port participation in the VLAN in 
the same way that you would for any static VLAN. 


Syntax: 
static-vlan <vlan-id> 
(Use show vlan to list current VIDs.) 


For example, suppose a dynamic VLAN with a VID of 125 exists on the switch. 
The following command converts the VLAN to a static VLAN. 


HPswitch(config)# static-vlan 125
 


Configuring Static VLAN Name and Per-Port Settings. The vlan <vlan- 
id> command, used with the options listed below, changes the name of an 
existing static VLAN and changes the per-port VLAN membership settings. 


Not e	 
You can use these options from the configuration level by beginning the 
command with vlan <vlan-id>, or from the context level of the specific VLAN. 


Syntax: 
name <vlan-name> 


Changes the name of the existing static VLAN. (Avoid 
spaces and the following characters in the <vlan-name> 
entry: 2, #, $, ^, &, *, (, and ).) 


[no] tagged <port-list> 
Configures the indicated port(s) as Tagged for the specified 
VLAN. The “no” version sets the port(s) to either No or (if 
GVRP is enabled) to Auto. 


[no] untagged <port-list> 
Configures the indicated port(s) as Untagged for the 
specified VLAN. The “no” version sets the port(s) to either 
No or (if GVRP is enabled) to Auto. 


[no] forbid <port-list> 
Configures the indicated port(s) as “forbidden” to 
participate in the designated VLAN. The “no” version sets 
the port(s) to either No or (if GVRP is enabled) to Auto. 


auto <port-list> 
Available if GVRP is enabled on the switch. Returns the 
per-port settings for the specified VLAN to Auto operation. 
Note that Auto is the default per-port setting for a static 
VLAN if GVRP is running on the switch. (For information 
on dynamic VLAN and GVRP operation, see 
“GVRP” on page 12-33.) 
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For example, if you have a VLAN named VLAN100 with a VID of 100, and all 
ports are set to No for this VLAN. To change the VLAN name to “Blue_Team” 
and set ports 1-5 to Tagged, you could do so with these commands: 


HPswitch(config)# vlan 100 name Blue_Team
 
HPswitch(config)# vlan 100 tagged 1-5
 


To move to the vlan 100 context level and execute the same commands: 


HPswitch(config)# vlan 100
 
HPswitch(vlan-100)# name Blue_Team
 
HPswitch(vlan-100)# tagged 1-5
 


Similarly, to change the tagged ports in the above examples to No (or Auto, if 
GVRP is enabled), you could use either of the following commands. 


At the config level, use: 


HPswitch(config)# no vlan 100 tagged 1-5
 


- or - 


At the VLAN 100 context level, use: 


HPswitch(vlan-100)# no tagged 1-5 


Not e	 
You cannot use these commands with dynamic VLANs. Attempting to do so 
results in the message “VLAN already exists.” and no change occurs. 


Web: Viewing and Configuring VLAN Parameters 


In the web browser interface you can do the following:
 


■ 
Add VLANs
 


■ 
Rename VLANs
 


■ 
Remove VLANs
 


■ 
Configure GVRP mode
 


■ 
Select a new Primary VLAN
 


To configure static VLAN port parameters, you will need to use the menu 
interface (available by Telnet from the web browser interface) or the CLI.
 


1. 
Click on the Configuration tab. 


2. 
Click on VLAN Configuration. 


3. 
Click on Add/Remove VLANs. 


For web-based Help on how to use the web browser interface screen, click on 
the [?] button provided on the web browser screen. 
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VLAN Tagging Information 


VLAN tagging enables traffic from more than one VLAN to use the same port. 
(Even when two or more VLANs use the same port they remain as separate 
domains and cannot receive traffic from each other without going through an 
external router.) As mentioned earlier, a “tag” is simply a unique VLAN 
identification number (VLAN ID, or VID) assigned to a VLAN at the time that 
you configure the VLAN name in the switch. The tag can be any number from 
1 to 4094 that is not already assigned to a VLAN. When you subsequently assign 
a port to a given VLAN, you must implement the VLAN tag (VID) if the port 
will carry traffic for more than one VLAN. Otherwise, the port VLAN assign­ 
ment can remain “untagged” because the tag is not needed. On a given switch, 
this means you should use the “Untagged” designation for a port VLAN 
assignment where the port is connected to non 802.1Q-compliant device or is 
assigned to only one VLAN. Use the “Tagged” designation when the port is 
assigned to more than one VLAN or the port is connected to a device that does 
comply with the 802.1Q standard. 


For example, if port A7 on an 802.1Q-compliant switch is assigned to only the 
Red VLAN, the assignment can remain “untagged” because the port will 
forward traffic only for the Red VLAN. However, if both the Red and Green 
VLANs are assigned to port A7, then at least one of those VLAN assignments 
must be “tagged” so that Red VLAN traffic can be distinguished from Green 
VLAN traffic. The following illustration shows this concept: 


Blue 
Server 
White 
Server 


Green 
Server 


Red 
Server 


Red 
VLAN 


Blue 
VLAN 


White 
VLAN 


Green 
VLAN 
Green 
VLAN 
Red 
VLAN 


Switch 
"X" 


5 
6 


7 


4 


1 


3 


2 


Switch 
"Y" 


5 


4 


1 


3 


2 


Red VLAN: Untagged 
Green VLAN: Tagged 


Ports 1-6: Untagged 
Port 7: Red VLAN Untagged 
Green VLAN Tagged 


Ports 1-4: Untagged 
Port 5: Red VLAN Untagged 
Green VLAN Tagged 


Figure 12-16. Example of Tagged and Untagged VLAN Port Assignments 
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■ 
In switch X: 


•	 
VLANs assigned to ports X1 - X6 can all be untagged because there is 
only one VLAN assignment per port. Red VLAN traffic will go out only 
the Red ports; Green VLAN traffic will go out only the Green ports, 
and so on. Devices connected to these ports do not have to be 802.1Q- 
compliant. 


•	 
However, because both the Red VLAN and the Green VLAN are 
assigned to port X7, at least one of the VLANs must be tagged for this 
port. 


■ 
In switch Y: 


•	 
VLANs assigned to ports Y1 - Y4 can all be untagged because there is 
only one VLAN assignment per port. Devices connected to these ports 
do not have to be 802.1Q-compliant. 


•	 
Because both the Red VLAN and the Green VLAN are assigned to port 
Y5, at least one of the VLANs must be tagged for this port. 


■ 
In both switches: The ports on the link between the two switches must be 
configured the same. As shown in figure 12-16 (above), the Red VLAN 
must be untagged on port X7 and Y5 and the Green VLAN must be tagged 
on port X7 and Y5, or vice-versa. 


Not e	 
Each 802.1Q-compliant VLAN must have its own unique VID number, and that 
VLAN must be given the same VID in every device in which it is configured. 
That is, if the Red VLAN has a VID of 10 in switch X, then 10 must also be used 
for the Red VID in switch Y. 


VID Numbers 


Figure 12-17. Example of VLAN ID Numbers Assigned in the VLAN Names Screen 
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VLAN tagging gives you several options: 


■ 
Since the purpose of VLAN tagging is to allow multiple VLANs on the same 
port, any port that has only one VLAN assigned to it can be configured as 
“Untagged” (the default). 


■ 
Any port that has two or more VLANs assigned to it can have one VLAN 
assignment for that port as “Untagged”. All other VLANs assigned to the 
same port must be configured as “Tagged”. (There can be no more than 
one Untagged VLAN on a port.) 


■ 
If all end nodes on a port comply with the 802.1Q standard and are 
configured to use the correct VID, then, you can configure all VLAN 
assignments on a port as “Tagged” if doing so makes it easier to manage 
your VLAN assignments, or for security reasons. 


For example, in the following network, switches X and Y and servers S1 and 
S2 are 802.1Q-compliant. (Server S3 could also be 802.1Q-compliant, but it 
makes no difference for this example.) 


Red VLAN: Untagged 


Red VLAN: Untagged 
Red VLAN: Untagged 


Green VLAN: Tagged 


Green VLAN: Tagged 
Green VLAN: Tagged 


Green VLAN only 


Server 
S1 
Server 
S2 


Server 
S3 


Green 
VLAN 
Green 
VLAN 
Red 
VLAN 
Red 
VLAN 


Switch 
"X" 


X1 


X2 


X3 
X4 


Switch 
"Y" 


Y1 


Y4 


Y2 
Y5 


Y3 


Figure 12-18. 	Example of Networked 802.1Q-Compliant Devices with Multiple 
VLANs on Some Ports 
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The VLANs assigned to ports X3, X4, Y2, Y3, and Y4 can all be untagged 
because there is only one VLAN assigned per port. Port X1 has multiple VLANs 
assigned, which means that one VLAN assigned to this port can be untagged 
and any others must be tagged. The same applies to ports X2, Y1, and Y5. 


Switch X 
Switch Y 


Port 
Red VLAN 
Green VLAN 
Port 
Red VLAN 
Green VLAN 


X1 
Untagged 
Tagged 
Y1 
Untagged 
Tagged 


X2 
Untagged 
Tagged 
Y2 
No* 
Untagged 


X3 
No* 
Untagged 
Y3 
No* 
Untagged 


X4 
Untagged 
No* 
Y4 
Untagged 
No* 


Y5 
Untagged 
Tagged 


*”No” means the port is not a member of that VLAN. For example, port X3 is not 
a member of the Red VLAN and does not carry Red VLAN traffic. Also, if GVRP 
were enabled, “Auto” would appear instead of “No”. 


Not e	 
VLAN configurations on ports connected by the same link must match. 
Because ports X2 and Y5 are opposite ends of the same point-to-point connec­ 
tion, both ports must have the same VLAN configuration; that is, both ports 
configure the Red VLAN as “Untagged” and the Green VLAN as “Tagged”. 


To summarize: 


VLANs Per 
Port 


Tagging Scheme 


1	 
Untagged or Tagged. If the device connected to the port is 802.1Q-compliant, 
then the recommended choice is “Tagged”. 


2 or More 
1 VLAN Untagged; all others Tagged 
or 
All VLANs Tagged 


A given VLAN must have the same VID on any 802.1Q-compliant device in which the VLAN is 
configured. 
The ports connecting two 802.1Q devices should have identical VLAN configurations, as 
shown for ports X2 and Y5, above. 
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The Secure Management VLAN 


Configures a secure Management VLAN by creating an isolated network for 
managing the HP ProCurve switches that support this feature. As of June 1, 
2003, includes these HP ProCurve switch models: 


• 
Series 4100GL 


• 
Series 5300XL 


• 
Series 2600 Switches 


• 
Switch 6108 


Access to this VLAN, and to the switch’s management functions (Menu, CLI, 
and web browser interface) is available only through ports configured as 
members. 


■■ Multiple ports on the switch can belong to the Management VLAN. This 
allows connections for multiple management stations you want to have 
access to the Management VLAN, while at the same time allowing Man­ 
agement VLAN links between switches configured for the same Manage­ 
ment VLAN. 


■■ Only traffic from the Management VLAN can manage the switch, which 
means that only the workstations and PCs connected to ports belonging 
to the Management VLAN can manage and reconfigure the switch. 


Figure 12-19 illustrates use of the Management VLAN feature to support 
management access by a group of management workstations. 


Links with Ports Belonging to the Management VLAN and other VLANs 


Links Between Ports on a Hub and Ports belonging to the Management VLAN 


Links Not Belonging to the Management VLAN 


Links to Other Devices 


Hub Y 


Switch A 


Hub X 


Switch B 
Server 


Switch C 


Management Workstations 


• Switches “A”, “B”, and 
“C” are connected by 
ports belonging to the 
management VLAN. 
• Hub “X” is connected 
to a switch port that 
belongs to the 
management VLAN. As 
a result, the devices 
connected to Hub X are 
included in the 
management VLAN. 
• Other devices 
connected to the 
switches through ports 
that are not in the 
management VLAN are 
excluded from 
management traffic. 


Figure 12-19. Example of Potential Security Breaches 
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In figure 12-20, Workstation 1 has management access to all three switches 
through the Management VLAN, while the PCs do not. This is because config­ 
uring a switch to recognize a Management VLAN automatically excludes 
attempts to send management traffic from any other VLAN. 


Switch 
A 
3 


Port A1 
Port A3 
Port A6 
Port A7 


4 


1 


Switch 
B 


Port B2 
Port B4 
Port B5 
Port B9 


Switch 
C 


Port C2 
Port C3 
Port C6 
Port C8 


Server 


Server 
Server 


2 


Links with Ports 
Configured as Members of 
the Management VLAN 
and other VLANs 


Links Not Belonging to the 
Management VLAN 


System 
Management 
Workstation 
Marketing 


Shipping 
System Server 
(on the 
DEFAULT_VLAN) 


Figure 12-20. Example of Management VLAN Control in a LAN 


Table 12-2. VLAN Membership in Figure 12-20 


Switch 
A1 
A3 
A6 
A7 
B2 
B4 
B5 
B9 
C2 
C3 
C6 
C8 


Management VLAN (VID = 7) 
Y 
N 
Y 
N 
Y 
N 


Marketing 
VLAN (VID 
= 
12) 
N 
N 
N 
Y 
Y 


Shipping Dept. VLAN (VID = 20) 
N 
Y 
N 
N 
N 


DEFAULT-VLAN (VID = 1) 
Y 
Y 
Y 
Y 


N 
Y 
Y 
N 
N 
N 


N 
N 
N 
N 
N 
N 
Y 


Y 
N 
N 
N 
N 
N 
N 


Y 
Y 
Y 
Y 
Y 
Y 
Y 
Y 


Preparation 


1. 
Determine a VID and VLAN name suitable for your Management VLAN. 


2.	 
Determine the IP addressing for the Management VLAN (DHCP/Bootp or 
Manual. 


3.	 
Plan your Management VLAN topology to use HP ProCurve switches that 
support this feature. (See the list on page 12-26.) The ports belonging to 
the Management VLAN should be only the following: 


•	 
Ports to which you will connect authorized management stations 
(such as Port A7 in figure 12-20.) 
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•	 
Ports on one switch that you will use to extend the Management VLAN 
to ports on other HP ProCurve switches (such as ports A1 and B2 or 
B4 and C2 in figure 12-20 on page 12-27.). 


Hubs dedicated to connecting management stations to the Management VLAN 
can also be included in the above topology. Note that any device connected 
to a hub in the Management VLAN will also have Management VLAN access. 


4. 
Configure the Management VLAN on the selected switch ports. 


5.	 
Test the management VLAN from all of the management stations autho­ 
rized to use the Management VLAN, including any SNMP-based network 
management stations. Ensure that you include testing any Management 
VLAN links between switches. 


Not e	 
If you configure a Management VLAN on a switch by using a Telnet connection 
through a port that is not in the Management VLAN, then you will lose 
management contact with the switch if you log off your Telnet connection or 
execute write memory and reboot the switch. 


Configuration 


Syntax:	 
[ no ] management-vlan < vlan-id | vlan-name > 
show vlan-info 


Default: 
Disabled 


For example, suppose you have already configured a VLAN named My_VLAN 
with a VID of 100. Now you want to configure the switch to do the following: 


■	 
Use My_VLAN as a Management VLAN (tagged, in this case) to connect 
port A1 on switch “A” to a management station. (The management station 
includes a network interface card with 802.1Q tagged VLAN capability.) 


■	 
Use port A2 to extend the Management VLAN to port B1 (which is already 
configured as a tagged member of My_VLAN) on an adjacent switch. 


HP ProCurve 
Switch 


“B” 


HP ProCurve 
Switch 
“A” 


A1 
B1 
A2 


Figure 12-21. Illustration of Configuration Example 


HPswitch (config)# management-vlan 100
 
HPswitch (config)# vlan 100 tagged a1
 
HPswitch (config)# vlan 100 tagged a2
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Deleting the Management VLAN. You can disable the Secure Manage­ 
ment feature without deleting the VLAN itself. For example, either of the 
following commands disables the Secure Management feature in the above 
example: 


HPswitch (config)# no management-vlan 100
 
HPswitch (config)# no management-vlan my_vlan
 


Operating Notes for Management VLANs 


■	 
Only one Management-VLAN can be active in the switch. If one Manage­ 
ment-VLAN VID is saved in the startup-config file and you configure a 
different VID in the running-config file, the switch uses the running-config 
version until you either use the write-memory command or reboot the 
switch. 


■	 
During a Telnet session to the switch, if you configure the Management- 
VLAN to a VID that excludes the port through which you are connected 
to the switch, you will continue to have access only until you terminate 
the session by logging out or rebooting the switch. 


■	 
During a web browser session to the switch, if you configure the Manage­ 
ment-VLAN to a VID that excludes the port through which you are 
connected to the switch, you will continue to have access only until you 
close the browser session or rebooting the switch. 


Not e	 
The Management-VLAN feature does not control management access through 
a direct connection to the switch’s serial port. 


■	 
Enabling Spanning Tree where there are multiple links using separate 
VLANs, including the Management VLAN, between a pair of switches, 
Spanning Tree will force the blocking of one or more links. This may 
include the link carrying the Management VLAN, which will cause loss of 
management access to some devices. 
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VLAN 20 (Management VLAN) 
VLAN 1 
VLAN 40 


Switch 
1 
Switch 
2 


Even though the ports on the Management VLAN link between Switch 1 and Switch 2 do not belong 
to the other VLANs connecting the two switches, enabling Spanning Tree will block one of the two 
links. This is because Spanning Tree operates per-switch and not per-VLAN. 


VLAN 1 
VLAN 40 


VLAN 20 Only 
(Management VLAN) 
Blocked 


Figure 12-22. 	Example of Inadvertently Blocking a Management VLAN Link by 
Implementing Spanning Tree 


Effect of VLANs on Other Switch Features 


Spanning Tree Operation with VLANs 


Because the switch follows the 802.1Q VLAN recommendation to use single- 
instance spanning tree, Spanning Tree operates across all ports on the switch 
(regardless of VLAN assignments) instead of on a per-VLAN basis. This means 
that if redundant physical links exist between the switch and another 802.1Q 
device, all but one link will be blocked, regardless of whether the redundant 
links are in separate VLANs. However, you can use port trunking to prevent 
Spanning Tree from unnecessarily blocking ports (and to improve overall 
network performance). Refer to “Spanning Tree Operation with 802.1Q 
VLANs” on page 14-5. 


Notethat Spanning Tree operates differently in different devices. For example, 
in the (obsolete, non-802.1Q) HP Switch 2000 and the HP Switch 800T, Span­ 
ning Tree operates on a per-VLAN basis, allowing redundant physical links as 
long as they are in separate VLANs. 


IP Interfaces 


There is a one-to-one relationship between a VLAN and an IP network inter- 
face. Since the VLAN is defined by a group of ports, the state (up/down) of 
those ports determines the state of the IP network interface associated with 
that VLAN. When a VLAN comes up because one or more of its ports is up, the 
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IP interface for that VLAN is also activated. Likewise, when a VLAN is 
deactivated because all of its ports are down, the corresponding IP interface 
is also deactivated. 


VLAN MAC Addresses 


The switch has one unique MAC address for each of its VLAN interfaces. You 
can send an 802.2 test packet to this MAC address to verify connectivity to the 
switch. Likewise, you can assign an IP address to the VLAN interface, and 
when you Ping that address, ARP will resolve the IP address to this MAC 
address. The switch allows up to 30 VLAN MAC addresses (one per possible 
VLAN). 


Port Trunks 


When assigning a port trunk to a VLAN, all ports in the trunk are automatically 
assigned to the same VLAN. You cannot split trunk members across multiple 
VLANs. Also, a port trunk is tagged, untagged, or excluded from a VLAN in the 
same way as for individual, untrunked ports. 


Port Monitoring 


If you designate a port on the switch for network monitoring, this port will 
appear in the Port VLAN Assignment screen and can be configured as a 
member of any VLAN. For information on how broadcast, multicast, and 
unicast packets are tagged inside and outside of the VLAN to which the 
monitor port is assigned, see “VLAN-Related Problems” on page C-18. 


VLAN Restrictions 


■ 
A port must be a member of at least one VLAN. In the factory default 
configuration, all ports are assigned to the default VLAN 
(DEFAULT_VLAN; VID = 1). 


■ 
A port can be assigned to several VLANs, but only one of those assign­ 
ments can be untagged. (The “Untagged” designation enables VLAN oper­ 
ation with non 802.1Q-compliant devices.) 


■ 
An external router must be used to communicate between tagged VLANs 
on the switch. 


■ 
Before you can delete a VLAN, you must first re-assign all ports in the 
VLAN to another VLAN. 
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HP Router Requirements. Use the Hewlett-Packard version A.09.70 (or 
later) router OS release if any of the following Hewlett-Packard routers are 
installed in networks in which you will be using VLANs: 


HP Router 440 (formerly Router ER) 
HP Router 470 (formerly Router LR) 
HP Router 480 (formerly Router BR) 
HP Router 650 


Release A.09.74 is available on the World Wide Web at 


http://www.hp.com/go/hpprocurve 


Click on software, then routers. 
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GVRP
 


Feature 
Default 
Menu 
CLI 
Web 


view GVRP configuration 
n/a 
page 12-42 
page 12-43 
page 12-46 


list static and dynamic VLANs 
n/a 
— 
page 12-45 
page 12-46 


on a GVRP-enabled switch 


enable or disable GVRP 
disabled 
page 12-42 
page 12-44 
page 12-46 


enable or disable GVRP on 
enabled 
page 12-42 
page 12-44 
— 


individual ports 


control how individual ports 
will handle advertisements for 
new VLANs 


Learn 
page 12-42 
page 12-44 
page 12-46 


convert a dynamic VLAN to a 
static VLAN 


n/a 
— 
page 12-46 
— 


configure static VLANs 
DEFAULT_VLAN 
(VID = 1) 


page 12-10 
page 12-15 
page 12-46 


GVRP—GARP VLAN Registration Protocol—is an application of the Generic 
Attribute Registration Protocol—GARP. GVRP is defined in the IEEE 802.1Q 
standard, and GARP is defined in the IEEE 802.1D-1998 standard. 


Not e	 
To understand and use GVRP you must have a working knowledge of 802.1Q 
VLAN tagging. (See “Port-Based Virtual LANs (Static VLANs)” on page 12-3.) 


GVRP uses “GVRP Bridge Protocol Data Units” (“GVRP BPDUs”) to “adver­ 
tise” static VLANs. In this manual, a GVRP BPDU is termed an advertisement. 
Advertisements are sent outbound from ports on a switch to the devices 
directly connected to those ports. 


GVRP enables the switch to dynamically create 802.1Q-compliant VLANs on 
links with other devices running GVRP. This enables the switch to automati­ 
cally create VLAN links between GVRP-aware devices. (A GVRP link can 
include intermediate devices that are not GVRP-aware.) This operation 
reduces the chances for errors in VLAN configuration by automatically pro­ 
viding VLAN ID (VID) consistency across the network. That is, you can use 
GVRP to propagate VLANs to other GVRP-aware devices instead of manually 
having to set up VLANs across your network. After the switch creates a 
dynamic VLAN, you can optionally use the CLI static <vlan-id> command to 
convert it to a static VLAN or allow it to continue as a dynamic VLAN for as 
long as needed. You can also use GVRP to dynamically enable port member- 
ship in static VLANs configured on a switch. 
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General Operation 


When GVRP is enabled on a switch, the VID for any static VLANs configured 
on the switch is advertised (using BPDUs—Bridge Protocol Data Units) out 
all ports, regardless of whether a port is up or assigned to any particular VLAN. 
A GVRP-aware port on another device that receives the advertisements over 
a link can dynamically join the advertised VLAN. 


A dynamic VLAN (that is, a VLAN learned through GVRP) is tagged on the port 
on which it was learned. Also, a GVRP-enabled port can forward an advertise­ 
ment for a VLAN it learned about from other ports on the same switch (internal 
source), but the forwarding port will not itself join that VLAN until an adver­ 
tisement for that VLAN is received through a link from another device (exter­ 
nal source) on that specific port 


Operating Note: When a GVRP-aware port on a switch learns a VID through GVRP from another device, the switch begins 
advertising that VID out all of its ports except the port on which the VID was learned. 


Port 6 is statically configured 


Core switch with static 
VLANs (VID= 1, 2, & 3). Port 2 
is a member of VIDs 1, 2, & 3. 


1. Port 2 advertises VIDs 1, 2, 
& 3. 


2. Port 1 receives advertise­ 
ment of VIDs 1, 2, & 3 AND 
becomes a member of VIDs 
1, 2, & 3. 
3. Port 3 advertises VIDs 1, 2, 
& 3, but port 3 is NOT a 
member of VIDs 1, 2, & 3 at 
this point. 


4. Port 4 receives advertise­ 
ment of VIDs 1, 2, & 3 AND 
becomes a member of VIDs 
1, 2, & 3. 
5. Port 5 advertises VIDs 1, 2, 
& 3, but port 5 is NOT a 
member of VIDs 1, 2, & 3 at 
this point. 
to be a member of VID 3. 


1 
4 
6 
5 
3 


Switch 1 


GVRP On 


2 


Switch 2 


GVRP On 


Switch 3 


GVRP On 


Static VLAN con- 
figured End Device 
(NIC or switch) with 
GVRP On 


11. Port 2 receives 
9. Port 3 receives advertise- 7. Port 5 receives advertise- 


advertisement of VID 3. (Port ment of VID 3 AND becomes ment of VID 3 AND becomes 
2 is already statically 
a member of VID 3. (Still not a member of VID 3. (Still not 


configured for VID 3.) 
a member of VIDs 1 & 2.) 
a member of VIDs 1 & 2.) 


10. Port 1 advertises VID 3. 
8. Port 4 advertises VID 3. 


6. Port 6 advertises VID 3. 


Figure 12-23. Example of Forwarding Advertisements and Dynamic Joining 
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Note that if a static VLAN is configured on at least one port of a switch, and 
that port has established a link with another device, then all other ports of that 
switch will send advertisements for that VLAN. 


For example, in the following figure, Tagged VLAN ports on switch “A” and 
switch “C” advertise VLANs 22 and 33 to ports on other GVRP-enabled 
switches that can dynamically join the VLANs. 


Switch “A” 
GVRP On 


Switch “B” 
(No GVRP) 


Switch “C” 
GVRP On 


Switch “D” 
GVRP On 


Tagged 
VLAN 22 


Tagged 
VLAN 22 


Switch “E” 
GVRP On 


Tagged 
VLAN 33 


Switch “C”: 
Port 5 dynamically joins VLAN 22. 
Ports 11 and 12 belong to Tagged VLAN 33. 


Switch “E”: 
Port 2 dynamically joins VLANs 22 and 33. 
Port 7 dynamically joins VLANs 33 and 22. 


Switch “D”: 
Port 3 dynamically joins VLANs 22 and 33. 
Port 6 dynamically joins VLAN 22 and 33. 


1 
5 


12 


11 


2 


7 
3 


6 


Figure 12-24. Example of GVRP Operation 


Not e	 
A port can learn of a dynamic VLAN through devices that are not aware of 
GVRP (Switch “B”, above). VLANs must be disabled in GVRP-unaware devices 
to allow tagged packets to pass through. 


A GVRP-aware port receiving advertisements has these options: 


■	 
If there is not already a static VLAN with the advertised VID on the 
receiving port, then dynamically create the VLAN and become a member. 
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■	 
If the switch already has a static VLAN assignment with the same VID as 
in the advertisement, and the port is configured to Auto for that VLAN, 
then the port will dynamically join the VLAN and begin moving that 
VLAN’s traffic. (For more detail on Auto, see “Per-Port Options for 
Dynamic VLAN Advertising and Joining” on page 12-38.) 


■ 
Ignore the advertisement for that VID. 


■ 
Don’t participate in that VLAN. 


Note also that a port belonging to a Tagged or Untagged static VLAN has these 
configurable options: 


■	 
Send VLAN advertisements, and also receive advertisements for VLANs 
on other ports and dynamically join those VLANs. 


■	 
Send VLAN advertisements, but ignore advertisements received from 
other ports. 


■	 
Avoid GVRP participation by not sending advertisements and dropping 
any advertisements received from other devices. 


IP Addressing. A dynamic VLAN does not have an IP address, and moves 
traffic on the basis of port membership in VLANs. However, after GVRP 
creates a dynamic VLAN, you can convert it to a static VLAN. Note that it is 
then necessary to assign ports to the VLAN in the same way that you would 
for a static VLAN that you created manually. In the static state you can 
configure IP addressing on the VLAN and access it in the same way that you 
would any other static (manually created) VLAN. 


Per-Port Options for Handling GVRP “Unknown 
VLANs” 


An “unknown VLAN” is a VLAN that the switch learns of by receiving an 
advertisement for that VLAN on a port that is not already a member of that 
VLAN. If the port is configured to learn unknown VLANs, then the VLAN is 
dynamically created and the port becomes a tagged member of the VLAN. For 
example, suppose that in figure 12-24 (page 12-35), port 1 on switch “A” is 
connected to port 5 on switch “C”. Because switch “A” has VLAN 22 statically 
configured, while switch “C” does not have this VLAN statically configured 
(and does not “Forbid” VLAN 22 on port 5), VLAN 22 is handled as an 
“Unknown VLAN” on port 5 in switch “C”. Conversely, ifVLAN 22 was statically 
configured on switch C, but port 5 was not a member, port 5 would become a 
member when advertisements for VLAN 22 were received from switch “A”. 


When you enable GVRP on a switch, you have the per-port join-request options 
listed in table 12-3. 
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Table 12-3. Options for Handling “Unknown VLAN” Advertisements: 


UnknownVLAN 
Mode 


Operation 


Learn 
Enables the port to become a member of any unknown VLAN for which it 


(the Default) 
receives an advertisement. Allows the port to advertise other VLANs that 
have at least one other port on the same switch as a member. 


Block	 
Prevents the port from joining any new dynamic VLANs for which it receives 
an advertisement. 
Allows the port to advertise other VLANs that have at least one other port 
as a member. 


Disable	 
Causes the port to ignore and drop all GVRP advertisements it receives and 
also prevents the port from sending any GVRP advertisements. 


The CLI show gvrp command and the menu interface VLAN Support screen 
show a switch’s current GVRP configuration, including the Unknown VLAN 
settings. 


GVRP Enabled 


(Required for Unknown 
VLAN operation.) 


Unknown VLAN Settings 


Default: Learn 


Figure 12-25. Example of GVRP Unknown VLAN Settings 
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Per-Port Options for Dynamic VLAN Advertising and 
Joining 


Initiating Advertisements. As described in the preceding section, to 
enable dynamic joins, GVRP must be enabled and a port must be configured 
to Learn (the default). However, to send advertisements in your network, one 
or more static (Tagged, Untagged, or Auto) VLANs must be configured on one 
or more switches (with GVRP enabled), depending on your topology. 


Enabling a Port for Dynamic Joins. You can configure a port to dynami­ 
cally join a static VLAN. The join will then occur if that port subsequently 
receives an advertisement for the static VLAN. (This is done by using the Auto 
and Learn options described in table 12-4, below. 


Parameters for Controlling VLAN Propagation Behavior. You can con- 
figure an individual port to actively or passively participate in dynamic VLAN 
propagation or to ignore dynamic VLAN (GVRP) operation. These options are 
controlled by the GVRP “Unknown VLAN” and the static VLAN configuration 
parameters, as described in the following table: 
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Table 12-4. Controlling VLAN Behavior on Ports with Static VLANs 


Per-Port 
“Unknown 
VLAN” 
(GVRP) 
Configuration 


Static VLAN Options—Per VLAN Specified on Each Port 1 


Port Activity: 
Tagged or Untagged (Per VLAN)2 
Port Activity: 
Auto2 (Per VLAN) 
Port Activity: Forbid 
AN)2 


Learn 
(the Default) 
The port: 
• Belongs to specified VLAN. 
• Advertises specified VLAN. 
• Can become a member of 
dynamic VLANs for which it 
receives advertisements. 
• Advertises dynamic VLANs 
that have at least one other 
port (on the same switch) as a 
member. 


The port: 
• Will become a member of 
specified VLAN if it receives 
advertisements for specified 
VLAN from another device. 
• Will advertise specified VLAN. 
• Can become a member of 
other, dynamic VLANs for 
which it receives 
advertisements. 
• Will advertise a dynamic VLAN 
that has at least one other port 
(on the same switch) as a 
member. 


The port: 
1. Will not become a member of 
the specified VLAN. 
1. Will not advertise specified 
VLAN. 
1. Can become a member of 
other dynamic VLANs for 
which it receives 
advertisements. 
1. Will advertise a dynamic VLAN 
that has at least one other port 
on the same switch as a 
member. 


Block 
The port: 
• Belongs to the specified VLAN. 
• Advertises this VLAN. 
• Will not become a member of 
new dynamic VLANs for which 
it receives advertisements. 
• Will advertise dynamic VLANs 
that have at least one other 
port as a member. 


The port: 
• Will become a member of 
specified VLAN if it receives 
advertisements for this VLAN. 
• Will advertise this VLAN. 
• Will not become a member of 
new dynamic VLANs for which 
it receives advertisements. 
• Will advertise dynamic VLANs 
that have at least one other 
port (on the same switch) as a 
member. 


The port: 
• Will not become a member of 
the specified VLAN. 
• Will not advertise this VLAN. 
• Will not become a member of 
dynamic VLANs for which it 
receives advertisements. 
• Will advertise dynamic VLANs 
that have at least one other 
port (on the same switch) as a 
member. 


Disable 
The port: 
• Is a member of the specified 
VLAN. 
• Will ignore GVRP PDUs. 
• Will not join any advertised 
VLANs. 
• Will not advertise VLANs. 


The port: 
• Will not become a member of 
the specified VLAN. 
• Will ignore GVRP PDUs. 
• Will not join any dynamic 
VLANs. 
• Will not advertise VLANs. 


The port: 
• Will not become a member of 
this VLAN. 
• Will ignore GVRP PDUs. 
• Will not join any dynamic 
VLANs. 
• Will not advertise VLANs. 


(Per VL 


1 Each port on the switch must be a Tagged or Untagged member of at least one VLAN. Thus, any port configured for 
GVRP to Learn or Block will generate and forward advertisements for static VLAN(s) configured on the switch and also 
for dynamic VLANs the switch learns on other ports. 


2 To configure tagging, Auto, or Forbid, see “Configuring Static VLAN Name and Per-Port Settings” on page 12-20 (for the 
CLI) or “Adding or Changing a VLAN Port Assignment” on page 12-13 (for the menu). 
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As the preceding table indicates, when you enable GVRP, a port that has a 
Tagged or Untagged static VLAN has the option for both generating advertise­ 
ments and dynamically joining other VLANs. 


Not e	 
In table 12-4, above, the Unknown VLAN parameters are configured on a per- 
port basis using the CLI. The Tagged, Untagged, Auto, and Forbid options are 
configured per static VLAN on every port, using either the menu interface or 
the CLI. 


Because dynamic VLANs operate as Tagged VLANs, and because a tagged port 
on one device cannot communicate with an untagged port on another device, 
HP recommends that you use Tagged VLANs for the static VLANs you will use 
to generate advertisements. 


GVRP and VLAN Access Control 


When you enable GVRP on a switch, the default GVRP parameter settings 
allow all of the switch’s ports to transmit and receive dynamic VLAN adver­ 
tisements (GVRP advertisements) and to dynamically join VLANs. The two 
preceding sections describe the per-port features you can use to control and 
limit VLAN propagation. To summarize, you can: 


■	 
Allow a port to advertise and/or join dynamic VLANs (Learn mode—the 
default). 


■	 
Allow a port to send VLAN advertisements, but not receive them from 
other devices; that is, the port cannot dynamically join a VLAN but other 
devices can dynamically join the VLANs it advertises (Block mode). 


■ 
Prevent a port from participating in GVRP operation (Disable mode). 


Port-Leave From a Dynamic VLAN 


A dynamic VLAN continues to exist on a port for as long as the port continues 
to receive advertisements of that VLAN from another device connected to that 
port or until you: 


■	 
Convert the VLAN to a static VLAN (See “Converting a Dynamic VLAN to 
a Static VLAN” on page 12-19.) 


■ 
Reconfigure the port to Block or Disable 


■ 
Disable GVRP 


■ 
Reboot the switch 


The time-to-live for dynamic VLANs is 10 seconds. That is, if a port has not 
received an advertisement for an existing dynamic VLAN during the last 10 
seconds, the port removes itself from that dynamic VLAN. 
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Planning for GVRP Operation 


These steps outline the procedure for setting up dynamic VLANs for a seg­ 
ment. 


1.	 
Determine the VLAN topology you want for each segment (broadcast 
domain) on your network. 


2.	 
Determine the VLANs that must be static and the VLANs that can be 
dynamically propagated. 


3.	 
Determine the device or devices on which you must manually create static 
VLANs in order to propagate VLANs throughout the segment. 


4.	 
Determine security boundaries and how the individual ports in the seg­ 
ment will handle dynamic VLAN advertisements. (See table 12-3 on page 
12-37 and table 12-4 on page 12-39.) 


5.	 
Enable GVRP on all devices you want to use with dynamic VLANs and 
configure the appropriate “Unknown VLAN” parameter (Learn, Block, or 
Disable) for each port. 


6.	 
Configure the static VLANs on the switch(es) where they are needed, 
along with the per-VLAN parameters (Tagged, Untagged, Auto, and Forbid— 
see table 12-4 on page 12-39) on each port. 


7.	 
Dynamic VLANs will then appear automatically, according to the config­ 
uration options you have chosen. 


8.	 
Convert dynamic VLANs to static VLANs where you want dynamic VLANs 
to become permanent. 


Configuring GVRP On a Switch 


The procedures in this section describe how to: 


■ 
View the GVRP configuration on a switch 


■ 
Enable and disable GVRP on a switch 


■ 
Specify how individual ports will handle advertisements 


To view or configure static VLANs for GVRP operation, refer to “Per-Port Static 
VLAN Configuration Options” on page 12-8. 
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Menu: Viewing and Configuring GVRP 


1. 
From the Main Menu, select: 


2. Switch Configuration . . . 


8. VLAN Menu . . . 


1. VLAN Support 


Figure 12-26. The VLAN Support Screen (Default Configuration) 


2. 
Do the following to enable GVRP and display the Unknown VLAN fields: 


a. 
Press [E] (for Edit). 


b. Use [v] to move the cursor to the GVRP Enabled field. 


c. 
Press the Space bar to select Yes. 


d. Press [v] again to display the Unknown VLAN fields. 


The Unknown VLAN 
fields enable you to 
configure each port to: 
– Learn - Dynamically 
join any advertised 
VLAN and advertise 
all VLANs learned 
through other ports. 


–	 Block - Do not 
dynamically join any 
VLAN, but still 
advertise all VLANs 
learned through other 
ports. 


–	 Disable - Ignore and 
drop all incoming 
advertisements and 
do not transmit any 
advertisements. 


Figure 12-27. Example Showing Default Settings for Handling Advertisements 
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3.	 
Use the arrow keys to select the port you want, and the Space bar to select 
Unknown VLAN option for any ports you want to change. 


4.	 
When you finish making configuration changes, press [Enter], then [S] (for 
Save) to save your changes to the Startup-Config file. 


CLI: Viewing and Configuring GVRP 


GVRP Commands Used in This Section 


show gvrp 
below 


gvrp 
page 12-44 


unknown-vlans 
page 12-44 


Displaying the Switch’s Current GVRP Configuration. This command 
shows whether GVRP is disabled, along with the current settings for the 
maximum number of VLANs and the current Primary VLAN. (For more on the 
last two parameters, see “Port-Based Virtual LANs (Static VLANs)” on page 
12-3.) 


Syntax: 
show gvrp 
Shows the current settings. 


Figure 12-28. Example of “Show GVRP” Listing with GVRP Disabled 
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This example includes 
non-default settings for 
the Unknown VLAN field 
for some ports. 


Figure 12-29. Example of Show GVRP Listing with GVRP Enabled 


Enabling and Disabling GVRP on the Switch. This command enables 
GVRP on the switch. 


Syntax: 
gvrp 


This example enables GVRP: 


HPswitch(config)# gvrp 


This example disables GVRP operation on the switch: 


HPswitch(config)# no gvrp 


Enabling and Disabling GVRP On Individual Ports. When GVRP is 
enabled on the switch, use the unknown-vlans command to change the 
Unknown VLAN field for one or more ports. You can use this command at 
either the Manager level or the interface context level for the desired port(s). 


Syntax: 
interface <port-list> unknown-vlans < learn | block | disable > 
Changes the Unknown VLAN field setting for the specified 
port(s). 


For example, to change and view the configuration for ports A1-A2 to Block: 
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Figure 12-30. Example of Preventing Specific Ports from Joining Dynamic VLANs 


Displaying the Static and Dynamic VLANs Active on the Switch. The 
show vlans command lists all VLANs present in the switch. 


Syntax: 
show vlans 


For example, in the following illustration, switch “B” has one static VLAN (the 
default VLAN), with GVRP enabled and port 1 configured to Learn for 
Unknown VLANs. Switch “A” has GVRP enabled and has three static VLANs: 
the default VLAN, VLAN-222, and VLAN-333. In this scenario, switch B will 
dynamically join VLAN-222 and VLAN-333: 


Switch “A” 


GVRP enabled. 


3 Static VLANs: 
– DEFAULT_VLAN 
– VLAN-222 
– VLAN-333 


Switch “B” 


GVRP enabled. 


1 Static VLANs: 
– DEFAULT_VLAN 
Port 1: Set to 
“Learn” Mode 


Figure 12-31. Example of Switches Operating with GVRP Enabled 


The show vlans command lists the dynamic (and static) VLANs in switch “B” 
after it has learned and joined VLAN-222 and VLAN-333. 
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Dynamic VLANs 
Learned from 
Switch “A” 
through Port 1 


Figure 12-32. Example of Listing Showing Dynamic VLANs 


Converting a Dynamic VLAN to a Static VLAN. If a port on the switch 
has joined a dynamic VLAN, you can use the following command to convert 
that dynamic VLAN to a static VLAN: 


Syntax: 
static <dynamic-vlan-id> 


For example, to convert dynamic VLAN 333 (from the previous example) to a 
static VLAN: 


HPswitch(config)# static 333 


When you convert a dynamic VLAN to a static VLAN, all ports on the switch 
are assigned to the VLAN in Auto mode. 


Web: Viewing and Configuring GVRP 


To view, enable, disable, or reconfigure GVRP: 


1. 
Click on the Configuration tab. 


2. 
Click on VLAN Configuration and do the following: 


• 
To enable or disable GVRP, click on GVRP Enabled. 


• 
To change the Unknown VLAN field for any port: 
i. 
Click on GVRP Security and make the desired changes. 


ii. Click on Apply to save and implement your changes to the 
Unknown VLAN fields. 


For web-based Help on how to use the web browser interface screen, click on 
the [?] button provided on the web browser screen. 
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GVRP Operating Notes 


■	 
A dynamic VLAN must be converted to a static VLAN before it can have 
an IP address. 


■	 
The total number of VLANs on the switch (static and dynamic combined) 
cannot exceed the current Maximum VLANs setting. For example, in the 
factory default state, the switch supports eight VLANs. Thus, in a case 
where four static VLANs are configured on the switch, the switch can 
accept up to four additional VLANs in any combination of static and 
dynamic. Any additional VLANs advertised to the switch will not be added 
unless you first increase the Maximum VLANs setting. In the Menu inter- 
face, click on 2. Switch Configuration ... | 8. VLAN Menu | 1. VLAN Support. In the 
global config level of the CLI, use max-vlans. 


■	 
Converting a dynamic VLAN to a static VLAN and then executing the write 
memory command saves the VLAN in the startup-config file and makes it 
a permanent part of the switch’s VLAN configuration. 


■	 
Within the same broadcast domain, a dynamic VLAN can pass through a 
device that is not GVRP-aware. This is because a hub or a switch that is 
not GVRP-ware will flood the GVRP (multicast) advertisement packets 
out all ports. 


■	 
GVRP assigns dynamic VLANs as Tagged VLANs. To configure the VLAN 
as Untagged, you must first convert it to a static VLAN. 


■	 
Rebooting a switch on which a dynamic VLAN exists deletes that VLAN. 
However, the dynamic VLAN re-appears after the reboot if GVRP is 
enabled and the switch again receives advertisements for that VLAN 
through a port configured to add dynamic VLANs. 


■	 
By receiving advertisements from other devices running GVRP, the switch 
learns of static VLANs on those other devices and dynamically (automat­ 
ically) creates tagged VLANs on the links to the advertising devices. 
Similarly, the switch advertises its static VLANs to other GVRP-aware 
devices, as well as the dynamic VLANs the switch has learned. 


■	 
A GVRP-enabled switch does not advertise any GVRP-learned VLANs out 
of the port(s) on which it originally learned of those VLANs. 
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Overview 


This chapter describes the following features and how to configure them with 
the switch’s built-in interfaces: 


■	 
Multimedia Traffic Control with IP Multicast (IGMP): Use the 
switch to reduce unnecessary bandwidth usage on a per-port basis by 
configuring IGMP controls. 


For general information on how to use the switch’s built-in interfaces, see:
 


■ 
Chapter 3, “Using the Menu Interface”
 


■ 
Chapter 4, “Using the Command Line Interface (CLI)”
 


■ 
Chapter 5, “Using the HP Web Browser Interface
 


■ 
Appendix C, “Switch Memory and Configuration”
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General Operation and Features 


IGMP Features 


Feature 
Default 
Menu 
CLI 
Web 


view igmp configuration 
n/a 
— 
page 13-6 
— 


show igmp status for multicast 
n/a 
— 
Yes 
— 


groups used by the selected 
VLAN 


enabling or disabling IGMP 
(Requires VLAN ID Context) 


disabled 
— 
page 13-8 
page 13-11 


per-port packet control 
auto 
— 
page 13-9 
— 


IGMP traffic priority 
normal 
— 
page 13-10 
— 


querier 
enabled 
— 
page 13-10 
— 


fast-leave 
disabled 
— 
page 13-14 
— 


In a network where IP multicast traffic is transmitted for various multimedia 
applications, you can use the switch to reduce unnecessary bandwidth usage 
on a per-port basis by configuring IGMP (Internet Group Management Proto­ 
col controls). In the factory default state (IGMP disabled), the switch simply 
floods all IP multicast traffic it receives on a given VLAN through all ports on 
that VLAN (except the port on which it received the traffic). This can result 
in significant and unnecessary bandwidth usage in networks where IP multi- 
cast traffic is a factor. Enabling IGMP allows the ports to detect IGMP queries 
and report packets and manage IP multicast traffic through the switch. 


IGMP is useful in multimedia applications such as LAN TV, desktop confer­ 
encing, and collaborative computing, where there is multipoint communica­ 
tion; that is, communication from one to many hosts, or communication 
originating from many hosts and destined for many other hosts. In such 
multipoint applications, IGMP will be configured on the hosts, and multicast 
traffic will be generated by one or more servers (inside or outside of the local 
network). Switches in the network (that support IGMP) can then be config­ 
ured to direct the multicast traffic to only the ports where needed. If multiple 
VLANs are configured, you can configure IGMP on a per-VLAN basis. 
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Enabling IGMP allows detection of IGMP queries and report packets in order 
to manage IP multicast traffic through the switch. If no other querier is 
detected, the switch will then also function as the querier. (If you need to 
disable the querier feature, you can do so through the IGMP configuration 
MIB. Refer to “Changing the Querier Configuration Setting” on page 13-10.) 


Not e	 
IGMP configuration on the switch operates at the VLAN context level. If you 
are not using VLANs, then configure IGMP in VLAN 1 (the default VLAN) 
context. 


IGMP Terms 


■ 
IGMP Device: A switch or router running IGMP traffic control 
features. 


■ 
IGMP Host: An end-node device running an IGMP (multipoint, or 
multicast communication) application. 


■ 
Querier: A required IGMP device that facilitates the IGMP protocol 
and traffic flow on a given LAN. This device tracks which ports are 
connected to devices (IGMP clients) that belong to specific multicast 
groups, and triggers updates of this information. A querier uses data 
received from the queries to determine whether to forward or block 
multicast traffic on specific ports. When the switch has an IP address 
on a given VLAN, it automatically operates as a Querier for that VLAN 
if it does not detect a multicast router or another switch functioning 
as a Querier. When enabled (the default state), the switch’s querier 
function eliminates the need for a multicast router. In most cases, HP 
recommends that you leave this parameter in the default “enabled” 
state even if you have a multicast router performing the querier 
function in your multicast group. For more information, see “How 
IGMP Operates” on page 13-11. 
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IGMP Operating Features 


Basic Operation 


In the factory default configuration, IGMP is disabled. If multiple VLANs are 
not configured, you must configure IGMP on the default VLAN 
(DEFAULT_VLAN; VID = 1). If multiple VLANs are configured, you must 
configure IGMP on a per-VLAN basis for every VLAN where this feature is 
desired. 


Enhancements 


With the CLI, you can configure these additional options: 


■ 
Forward with High Priority. Disabling this parameter (the default) 
causes the switch or VLAN to process IP multicast traffic, along with other 
traffic, in the order received (usually, normal priority). Enabling this 
parameter causes the switch or VLAN to give a higher priority to IP 
multicast traffic than to other traffic. 


■ 
Auto/Blocked/Forward: You can use the console to configure individual 
ports to any of the following states: 


•	 
Auto (the default): Causes the switch to interpret IGMP packets and 
to filter IP multicast traffic based on the IGMP packet information for 
ports belonging to a multicast group. This means that IGMP traffic 
will be forwarded on a specific port only if an IGMP host or multicast 
router is connected to the port. 


•	 
Blocked: Causes the switch to drop all IGMP transmissions received 
from a specific port and to block all outgoing IP Multicast packets for 
that port. This has the effect of preventing IGMP traffic from moving 
through specific ports. 


•	 
Forward: Causes the switch to forward all IGMP and IP multicast 
transmissions through the port. 


■ 
Operation With or Without IP Addressing: This feature helps to 
conserve IP addresses by enabling IGMP to run on VLANs that do not have 
an IP address. See “Operation With or Without IP Addressing” on page 
13-13. 


■ 
Querier Capability: The switch performs this function for IGMP on 
VLANs having an IP address when there is no other device in the VLAN 
acting as querier. See “Querier Operation” on page 13-19. 
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Not e s	 
Whenever IGMP is enabled, the switch generates an Event Log message 
indicating whether querier functionality is enabled. 


IP multicast traffic groups are identified by IP addresses in the range of 
224.0.0.0 to 239.255.255.255. Also, incoming IGMP packets intended for 
reserved, or “well-known” multicast addresses automatically flood through all 
ports (except the port on which the packets entered the switch). For more on 
this topic, see “Excluding Well-Known or Reserved Multicast Addresses from 
IP Multicast Filtering” on page 13-20. 


For more information, refer to “How IGMP Operates” on page 13-11. 


CLI: Configuring and Displaying IGMP 


IGMP Commands Used in This Section 


show ip igmp configuration 


ip igmp 


high-priority-forward 


auto <[ethernet] <port-list> 


blocked <[ethernet] <port-list> 


forward <[ethernet] <port-list> 


querier 


show ip igmp 


page 13-7 


page 13-8 


page 13-10 


page 13-9 


page 13-9 


page 13-9 


page 13-10 


See “Internet Group Management Protocol (IGMP) 
Status” on page B-19. 
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Viewing the Current IGMP Configuration. This command lists the IGMP 
configuration for all VLANs configured on the switch or for a specific VLAN. 


Syntax: 
show ip igmp config 
IGMP configuration for all VLANs on the switch. 


show ip igmp < vid > config 
IGMP configuration for a specific VLAN on the switch, 
including per-port data. 


show ip igmp group < ip-address > 
Lists the ports on which the specified multicast group 
IP address is registered. 


(For IGMP operating status, see “Internet Group Management Protocol 
(IGMP) Status” on page B-19.) 


For example, suppose you have the following VLAN and IGMP configurations 
on the switch: 


VLAN ID VLAN Name 
IGMP 
Enabled 


Forward with 
High Priority 


Querier 


1 
DEFAULT_VLAN 
Yes 
No 
No 


22 
VLAN-2 
Yes 
Yes 
Yes 


33 
VLAN-3 
No 
No 
No 


You could use the CLI to display this data as follows: 


Figure 13-1. Example Listing of IGMP Configuration for All VLANs in the Switch 


The following version of the show ip igmp command includes the VLAN ID (vid) 
designation, and combines the above data with the IGMP per-port configura­ 
tion: 
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IGMP Configuration 
for the Selected 
VLAN 


IGMP Configuration 
On the Individual 
Ports in the VLAN 


Figure 13-2. Example Listing of IGMP Configuration for A Specific VLAN 


Enabling or Disabling IGMP on a VLAN. You can enable IGMP on a 
VLAN, along with the last-saved or default IGMP configuration (whichever 
was most recently set), or you can disable IGMP on a selected VLAN. Note 
that this command must be executed in a VLAN context. 


Syntax: 
[no] ip igmp 


For example, here are methods to enable and disable IGMP on the default 
VLAN (VID = 1). 


HPswitch(config)# vlan 1 ip igmp 


Enables IGMP on VLAN 1. 


HPswitch(vlan-1)# ip igmp 


Same as above. 


HPswitch(config)# no vlan 1 ip igmp 


Disables IGMP on VLAN 1. 


Not e	 
If you disable IGMP on a VLAN and then later re-enable IGMP on that VLAN, 
the switch restores the last-saved IGMP configuration for that VLAN. For more 
on how switch memory operates, see Chapter 6, “Switch Memory and Config­ 
uration”. 
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You can also combine the ip igmp command with other IGMP-related com­ 
mands, as described in the following sections. 


Configuring Per-Port IGMP Packet Control. Use this command in the 
VLAN context to specify how each port should handle IGMP traffic. 


Syntax: 
vlan < vid > ip igmp 
[ auto <port-list> | blocked <port-list> | forward <port-list> ] 


Syntax: vlan < vid > ip igmp 


Enables IGMP on the specified VLAN. In a VLAN context, 
use only ip igmp without the VLAN specifier. 


auto < port-list > (Default operation) 


Filter multicast traffic on the specified ports. Forward 
IGMP traffic to hosts on the ports that belong to the 
multicast group for which the traffic is intended. (Also 
forward any multicast traffic through any of these ports 
that is connected to a multicast router.) This is the default 
IGMP port configuration. 


blocked < port-list > 


Drop all multicast traffic received from devices on the 
specified ports, and prevent any outgoing multicast 
traffic from moving through these ports. 


forward < port-list > 


Forward all multicast traffic through the specified port. 


For example, suppose you wanted to configure IGMP as follows for VLAN 1 
on ports A1 - A6: 


■ 
Ports A1 - A2: Auto 


■ 
Ports A3 - A4: Forward 


■ 
Ports A5 - A6: Block 


Depending on the privilege level, you could use one of the following com­ 
mands to configure IGMP on VLAN 1 with the above settings: 


HPswitch(config)# vlan 1 
HPswitch(vlan-1)# ip igmp auto a1,a2 
HPswitch(vlan-1)# forward a3,a4 
HPswitch(vlan-1)# blocked a5,a6 
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The following command displays the VLAN and per-port configuration result­ 
ing from the above commands. 


HPswitch> show ip igmp 1 config 


Configuring IGMP Traffic Priority. This command allows you to priori­ 
tize IGMP traffic as either “high” or “normal” (the default). 


Syntax: 
[no] vlan < vid > ip igmp high-priority-forward 
Assigns “high” priority to IGMP traffic. The “no” form 
returns a high-priority setting to (the default) “normal” 
priority. (The switch services the traffic at its inbound 
priority.) 


HPswitch(config)# vlan 1 ip igmp high-priority-forward 


This example configures high priority for IGMP traffic on 
VLAN 1. 


HPswitch(vlan-1)# ip igmp high-priority-forward 


Same as above command, but in the VLAN 1 context 
level. 


HPswitch(vlan 1)# no ip igmp high-priority-forward 


Returns IGMP traffic to “normal” priority. 


HPswitch> show ip igmp config 


Show command to display results of above high-priority 
commands. 


Configuring the Querier Function. In its default configuration, the switch 
is capable of operating as an IGMP querier. This command lets you disable or 
re-enable this function. 


Syntax: 
[no] vlan <vid> ip igmp querier 
Disables or re-enables the ability for the switch to become 
querier, if necessary, on the specified VLAN. The default 
querier capability is “enabled”. 


HPswitch(config)# no vlan 1 ip igmp querier 


Disables the querier function on VLAN 1. 


HPswitch> show ip igmp config 
This is the show command used to display results of the 
above querier command. 
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Web: Enabling or Disabling IGMP 


In the web browser interface you can enable or disable IGMP on a per-VLAN 
basis. To configure other IGMP features, telnet to the switch console and use 
the CLI. 


To Enable or Disable IGMP 


1. 
Click on the Configuration tab. 


2. 
Click on the Device Features button. 


3.	 
If more than one VLAN is configured, use the VLAN pull-down menu to 
select the VLAN on which you want to enable or disable IGMP. 


4. 
Use the Multicast Filtering (IGMP) menu to enable or disable IGMP. 


5. 
Click on Apply Changes button to implement the configuration change. 


For web-based help on how to use the web browser interface screen, click on 
the ? button provided on the web browser screen. 


How IGMP Operates 


The Internet Group Management Protocol (IGMP) is an internal protocol of 
the Internet Protocol (IP) suite. IP manages multicast traffic by using 
switches, multicast routers, and hosts that support IGMP. (In Hewlett-Pack­ 
ard’s implementation of IGMP, a multicast router is not necessary as long as 
a switch is configured to support IGMP with the querier feature enabled.) A set 
of hosts, routers, and/or switches that send or receive multicast data streams 
to or from the same source(s) is termed a multicast group, and all devices in 
the group use the same multicast group address. The multicast group running 
version 2 of IGMP uses three fundamental types of messages to communicate: 


■	 
Query: A message sent from the querier (multicast router or switch) 
asking for a response from each host belonging to the multicast group. If 
a multicast router supporting IGMP is not present, then the switch must 
assume this function in order to elicit group membership information 
from the hosts on the network. (If you need to disable the querier feature, 
you can do so through the CLI, using the IGMP configuration MIB. See 
“Configuring the Querier Function” on page 13-10.) 
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■	 
Report (Join): A message sent by a host to the querier to indicate that 
the host wants to be or is a member of a given group indicated in the report 
message. 


■	 
Leave Group: A message sent by a host to the querier to indicate that the 
host has ceased to be a member of a specific multicast group. 


No t e o n I GM P 
When the switch receives an IGMPv3 Join, it accepts the host request and 


version 3 
begins to forwarding the IGMP traffic. This means ports that have not joined 


s u p p o r t 
the group and are not connected to routers or the IGMP Querier will not 
receive the group's multicast traffic. 


The switch does not support the IGMPv3 “Exclude Source” or “Include 
Source” options in the Join Reports. Rather, the group is simply joined from 
all sources. 


The switch does not support becoming a version 3 Querier. It will become a 
version 2 Querier in the absence of any other Querier on the network. 


An IP multicast packet includes the multicast group (address) to which the 
packet belongs. When an IGMP client connected to a switch port needs to 
receive multicast traffic from a specific group, it joins the group by sending 
an IGMP report (join request) to the network. (The multicast group specified 
in the join request is determined by the requesting application running on the 
IGMP client.) When a networking device with IGMP enabled receives the join 
request for a specific group, it forwards any IP multicast traffic it receives for 
that group through the port on which the join request was received. When the 
client is ready to leave the multicast group, it sends a Leave Group message 
to the network and ceases to be a group member. When the leave request is 
detected, the appropriate IGMP device will cease transmitting traffic for the 
designated multicast group through the port on which the leave request was 
received (as long as there are no other current members of that group on the 
affected port). 


Thus, IGMP identifies members of a multicast group (within a subnet) and 
allows IGMP-configured hosts (and routers) to join or leave multicast groups. 


IGMP Data. To display data showing active group addresses, reports, que­ 
ries, querier access port, and active group address data (port, type, and 
access), see “Internet Group Management Protocol (IGMP) Status” on page 
B-19. 
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Operation With or Without IP Addressing 


You can configure IGMP on VLANs that do not have IP addressing. The benefit 
of IGMP without IP addressing is a reduction in the number of IP addresses 
you have to use and configure. This can be significant in a network with a large 
number of VLANs. The limitation on IGMP without IP addressing is that the 
switch cannot become Querier on any VLANs for which it has no IP address— 
so the network administrator must ensure that another IGMP device will act 
as Querier. It is also advisable to have an additional IGMP device available as 
a backup Querier. See the following table. 


Table 13-1.Comparison of IGMP Operation With and Without IP Addressing 


IGMP Function Available With IP Addressing 
Configured on the VLAN 


Available 
Without IP 
Addressing? 


Operating Differences 
Without an IP Address 


Forward multicast group traffic to any port on 
Yes 
None 


the VLAN that has received a join request for 
that multicast group. 


Forward join requests (reports) to the Querier. 
Yes 
None 


Configure individual ports in the VLAN to Auto 
Yes 
None 


(the default)/Blocked, or Forward. 


Configure IGMP traffic forwarding to normal or 
Yes 
None 


high-priority forwarding. 


Age-Out IGMP group addresses when the last 
IGMP client on a port in the VLAN leaves the 
group. 


Yes 
Requires that another IGMP device in the VLAN has an IP 
address and can operate as Querier. This can be a multi- 
cast router or another switch configured for IGMP oper
 
ation. (HP recommends that the VLAN also include a 
device operating as a backup Querier in case the device 
operating as the primary Querier fails for any reason. 
Support Fast-Leave IGMP (below) and Forced 
Fast-Leave IGMP (page 13-13). 
Yes 


Support automatic Querier election. 
No 
Querier operation not available. 


Operate as the Querier. 
No 
Querier operation not available. 


Available as a backup Querier. 
No 
Querier operation not available. 


Automatic Fast-Leave IGMP 


IGMP Operation Presents a “Delayed Leave” Problem. Where multiple 
IGMP clients are connected to the same port on an IGMP device (switch or 
router), if only one IGMP client joins a given multicast group, then later sends 
a Leave Group message and ceases to belong to that group, the IGMP device 
retains that IGMP client in its IGMP table and continues forwarding IGMP 
traffic to the IGMP client until the Querier triggers confirmation that no other 
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group members exist on the same port. This means that the switch continues 
to transmit unnecessary multicast traffic through the port until the Querier 
renews multicast group status. 


Fast-Leave IGMP Defaults to Disabled. On HP ProCurve switches that 
support Data-Driven IGMP (“Smart” IGMP), when unregistered multicasts are 
received the switch will automatically filter them. Thus, the sooner the IGMP 
Leave is processed, the sooner this multicast traffic stops flowing. 


On switches that do not support Data-Driven IGMP, such as the switches 
covered in this guide, unregistered multicasts groups are flooded to the VLAN 
rather than pruned. In this scenario, Fast-Leave IGMP can actually increase 
the problem of multicast flooding by removing the IGMP group filter before 
the Querier has recognized the IGMP Leave. The Querier will continue to 
transmit the multicast group during this short time, and because the group is 
no longer registered the switch will then flood the multicast group to all ports. 


For this reason, the IGMP FastLeave feature is disabled by default on all HP 
ProCurve switches that do not support Data-Driven IGMP, including the 
switches covered in this guide. The feature can be enabled on these switches 
via an SNMP set of the IgmpPortFastLeaveState.< vid >.< port number > object. 
However, this is not recommended as this will increase the amount of multi- 
cast flooding during the period between the client's IGMP Leave and the 
Querier's processing of that Leave. 


Automatic Fast-Leave Operation. If a switch port is: 


a. 
Connected to only one end node 


b. The end node currently belongs to a multicast group; i.e. is an IGMP 
client 


c. 
The end node subsequently leaves the multicast group 


Then the switch does not need to wait for the Querier status update interval, 
but instead immediately removes the IGMP client from its IGMP table and 
ceases transmitting IGMP traffic to the client. (If the switch detects multiple 
end nodes on the port, automatic Fast-Leave does not activate—regardless of 
whether one or more of these end nodes are IGMP clients.) 
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In the next figure, automatic Fast-Leave operates on the switch ports for IGMP 
clients “3A” and “5A”, but not on the switch port for IGMP clients “7A” and 7B, 
Server “7C”, and printer “7D”. 


Routing 
Switch 
Acting as 
Querier 
HP ProCurve Switch 
with Automatic Fast- 
Leave 


Server 


7C 


Switch 7X 


3A 
5A 
7A 


Fast-Leave IGMP 
automatically operates on 
the ports connected to 
IGMP clients 3A and 5A, 
but does not operate on 
the port connected to 
Switch 7X because the 
switch detects multiple 
end nodes on that port. 


Fast-Leave IGMP does 
not activate on this port. 


Fast-Leave IGMP 
activates on these 
two ports. 


A1 
A3 
A4 
A6 


Printer 
7D 


7B 


Figure 13-3. Example of Automatic Fast-Leave IGMP Criteria 


When client “3A” running IGMP is ready to leave the multicast group, it 
transmits a Leave Group message. Because the switch knows that there is only 
one end node on port A3, it removes the client from its IGMP table and halts 
multicast traffic (for that group) to port A3. If the switch is not the Querier, it 
does not wait for the actual Querier to verify that there are no other group 
members on port A3. If the switch itself is the Querier, it does not query port 
A3 for the presence of other group members. 


Note that Fast-Leave operation does not distinguish between end nodes on 
the same port that belong to different VLANs. Thus, for example, even if all of 
the devices on port A6 in figure 13-3 belong to different VLANs, Fast-Leave 
does not operate on port A6. 


Forced Fast-Leave IGMP 


Forced Fast-Leave IGMP speeds up the process of blocking unnecessary IGMP 
traffic to a switch port that is connected to multiple end nodes. (This feature 
does not activate on ports where the switch detects only one end node). For 
example, in figure 13-3, even if you configured Forced Fast-Leave on all ports 
in the switch, the feature would activate only on port A6 (which has multiple 
end nodes) when a Leave Group request arrived on that port. 


When a port having multiple end nodes receives a Leave Group request from 
one end node for a given multicast group “X”, Forced Fast-Leave activates and 
waits a small amount of time to receive a join request from any other group 
“X” member on that port. If the port does not receive a join request for that 
group within the forced-leave interval, the switch then blocks any further 
group “X” traffic to the port. 
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Configuration Options for Forced Fast-Leave 


Feature 
Default 
Settings 
Function 


Forced Fast- 
2 
1 (enabled) Uses the setmib command to enable or disable 


Leave state 
(disabled) 2 (disabled)	 Forced Fast-Leave on individual ports. When 
enabled on a port, Forced Fast-Leave operates only 
if the switch detects multiple end nodes (and at least 
one IGMP client) on that port. 


N o t e o n V L A N 
N u m b e r s : 


In the HP ProCurve switches covered in this guide, the walkmib and setmib 
commands use an internal VLAN number (and not the VLAN ID, or VID) 
to display or change many per-vlan features, such as the Forced Fast- 
Leave state. Because the internal VLAN number for the default VLAN is 
always 1 (regardless of whether VLANs are enabled on the switch), and 
because a discussion of internal VLAN numbers for multiple VLANs is 
beyond the scope of this document, the discussion here concentrates on 
examples that use the default VLAN. 


Listing the Forced Fast-Leave Configuration 


The Forced Fast-Leave configuration data is available in the switch’s MIB 
(Management Information Base), and includes the state (enabled or disabled) 
for each port and the Forced-Leave Interval for all ports on the switch. 


To List the Forced Fast-Leave State for all Ports in the Switch. Go to 
the switch’s command prompt and use the walkmib command, as shown below. 


1. From the Main Menu, select: 


5. Diagnostics . . . 


4. Command Prompt 


2. Do one of the following: 


• 
If VLANs are not enabled on the switch, go to step 3. 


• 
If VLANs are enabled on the switch: 


i. 
You will be prompted to select a VLAN. For example: 


ii.	 Because you can list the Forced Fast-Leave state for all ports on 
the switch from any VLAN, just press [Enter] to select the 
displayed VLAN. 
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3.	 Enter either of the following walkmib command options: 


walkmib hpSwitchIgmpPortForcedLeaveState 


- OR ­ 


walkmib 1.3.6.1.4.1.11.2.14.11.5.1.7.1.15.3.1.5 


The resulting display lists the Forced Fast-Leave state for all ports in the 
switch, by VLAN. (A port belonging to more than one VLAN will be listed 
once for each VLAN, and if multiple VLANs are not configured, all ports 
will be listed as members of the default VLAN.) The following command 
produces a listing such as that shown in figure 13-4: 


The 2 at the end of a port 
listing shows that Forced 
Fast-Leave is disabled on 
the corresponding port. 


The 1 at the end of a port 
listing shows that Forced 
Fast-Leave is enabled on 
the corresponding port. 


Ports 1-6: 6- Port 109/1000T Module in Slot A 


Internal VLAN Number for the Default VLAN 


Note: Internal VLAN numbers reflect the sequence 
in which VLANs are created, and are not related to 
the unique VID assigned to each VLAN. (See the 
“Note on VLAN Numbers on page 13-16.) 


Sequential Port 
Numbers 


Figure 13-4. Example of a Forced Fast-Leave Listing where all Ports are Members of the Default VLAN 


To List the Forced Fast-Leave State for a Single Port. (See the “Note 
on VLAN Numbers” on page 13-16.) 


Go to the switch’s command prompt and use the getmib command, as shown 
below. 


Syntax: 


getmib hpSwitchIgmpPortForcedLeaveState.<vlan number><.port number> 


- OR ­ 


getmib 1.3.6.1.4.1.11.2.14.11.5.1.7.1.15.3.1.5.<vlan number><.port number> 


For example, the following command to list the state for port A6 (which, 
in this case, belongs to the default VLAN) produces the indicated listing: 
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The 2 shows that Fast Forced-Leave 
is disabled on port 7. 


The 6 specifies port A6. 


The 1 indicates the default VLAN. 
(See the “Note on VLAN Numbers” 
on page 13-16.) 


Figure 13-5. 	Example Listing the Forced Fast-Leave State for a Single Port on the Default 
VLAN 


Configuring Per-Port Forced Fast-Leave IGMP 


In the factory-default configuration, Forced Fast-Leave is disabled for all ports 
on the switch. To enable (or disable) this feature on individual ports, use the 
switch’s setmib command, as shown below. 


Configuring Per-Port Forced Fast-Leave IGMP on Ports. This proce­ 
dure enables or disables Forced Fast-Leave on ports in a given VLAN. (See the 
“Note on VLAN Numbers” on page 13-16.) 


Syntax: 


setmib hpSwitchIgmpPortForcedLeaveState.< vlan number >< .port number > 
-i < 1 | 2 > 


- OR ­ 


setmib 1.3.6.1.4.1.11.2.14.11.5.1.7.1.15.3.1.5.< vlan number >< .port number > -i 
< 1 | 2 > 


where: 


1 = Forced Fast-Leave enabled 


2 = Forced Fast-Leave disabled 


For example, suppose that your switch has a six-port gigabit module in 
slot A, and port C1 is a member of the default VLAN. In this case, the port 
number is “49” (In the MIB, slot A = ports 1-24; slot B = ports 25-48; slot 
C = ports 49-72, and so on.) To enable Forced Fast-Leave on C1 (49), you 
would execute the following command and see the indicated result: 
DEFAULT_CONFIG: setmib hpSwitchIgmpPortForcedLe-
 
aveState.1.49 -i 1
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Verifies Forced Fast-Leave enabled. 
49 indicates port C1. 
1 indicates the default VLAN. (See 
the note on page 13-16.) 


Figure 13-6. Example of Changing the Forced Fast-Leave Configuration on Port 49 


Using the Switch as Querier 


Querier Operation 


The function of the IGMP Querier is to poll other IGMP-enabled devices in an 
IGMP-enabled VLAN to elicit group membership information. The switch 
performs this function if there is no other device in the VLAN, such as a 
multicast router, to act as Querier. Although the switch automatically ceases 
Querier operation in an IGMP-enabled VLAN if it detects another Querier on 
the VLAN, you can also use the Command Prompt to disable the Querier 
capability for that VLAN. 


Not e	 
A Querier isrequired for proper IGMP operation. For this reason, if you disable 
the Querier function on a switch, ensure that there is an IGMP Querier (and, 
preferably, a backup Querier) available on the same VLAN. 


If the switch becomes the Querier for a particular VLAN (for example, the 
DEFAULT_VLAN), then subsequently detects queries transmitted from 
another device on the same VLAN, the switch ceases to operate as the Querier 
for that VLAN. If this occurs, the switch Event Log lists a pair of messages 
similar to these: 


I 01/15/01 09:01:13 igmp: DEFAULT_VLAN: Other Querier 
detected
 


I 01/15/01 09:01:13 igmp: DEFAULT_VLAN: This switch is no 
longer Querier
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In the above scenario, if the other device ceases to operate as a Querier on the 
default VLAN, then the switch detects this change and can become the Querier 
as long as it is not pre-empted by some other IGMP Querier on the VLAN. In 
this case, the switch Event Log lists messages similar to the following to 
indicate that the switch has become the Querier on the VLAN: 


I 01/15/01 09:21:55 igmp: DEFAULT_VLAN: Querier Election 
in process
 


I 01/15/01 09:22:00 igmp: DEFAULT_VLAN: This switch has 
been elected as Querier
 


Excluding Well-Known or Reserved 
Multicast Addresses from IP Multicast 
Filtering 


Each multicast host group is identified by a single IP address in the range of 
224.0.0.0 through 239.255.255.255. Specific groups of consecutive addresses 
in this range are termed “well-known” addresses and are reserved for pre- 
defined host groups. IGMP does not filter these addresses, so any packets the 
switch receives for such addresses are flooded out all ports assigned to the 
VLAN on which they were received (except the port on which the packets 
entered the VLAN). 


The following table lists the 32 well-known address groups (8192 total 
addresses) that IGMP does not filter on the switches covered in this guide, as 
well as on the 1600M, 2400M, 2424M, 2650M, 4000M, 6108M, 8000M, and Series 
2500 switches. 


Table 13-2.IP Multicast Address Groups Excluded from IGMP Filtering 


Groups of Consecutive Addresses in 
the Range of 224.0.0.X to 239.0.0.X* 


Groups of Consecutive Addresses in 
the Range of 224.128.0.X to 239.128.0.X* 


224.0.0.x 
232.0.0.x 


225.0.0.x 
233.0.0.x 


226.0.0.x 
234.0.0.x 


227.0.0.x 
235.0.0.x 


228.0.0.x 
236.0.0.x 


229.0.0.x 
237.0.0.x 


230.0.0.x 
238.0.0.x 


231.0.0.x 
239.0.0.x 


224.128.0.x 
232.128.0.x 


225.128.0.x 
233.128.0.x 


226.128.0.x 
234.128.0.x 


227.128.0.x 
235.128.0.x 


228.128.0.x 
236.128.0.x 


229.128.0.x 
237.128.0.x 


230.128.0.x 
238.128.0.x 


231.128.0.x 
239.128.0.x 


* X is any value from 0 to 255. 
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Excluding Well-Known or Reserved Multicast Addresses from IP Multicast Filtering 


N o t e s : 
IP Multicast Filters. This operation applies to the HP ProCurve Switch 
1600M, 2400M, 2424M, 4000M, and 8000M, but not to the Series 2500, 2600, 
4100, and 5300 switches or the Switch 6108 (which do not have static traffic/ 
security filters). 


IP multicast addresses occur in the range from 224.0.0.0 through 
239.255.255.255 (which corresponds to the Ethernet multicast address range 
of 01005e-000000 through 01005e-7fffff). Where a switch has a static Traffic/ 
Security filter configured with a “Multicast” filter type and a “Multicast 
Address” in this range, the switch will use the static filter unless IGMP learns 
of a multicast group destination in this range. In this case, IGMP dynamically 
takes over the filtering function for the multicast destination address(es) for 
as long as the IGMP group is active. If the IGMP group subsequently deacti­ 
vates, the switch returns filtering control to the static filter. 


Reserved Addresses Excluded from IP Multicast (IGMP) Filtering. 
Traffic to IP multicast groups in the IP address range of 224.0.0.0 to 224.0.0.255 
will always be flooded because addresses in this range are “well known” or 
“reserved” addresses. Thus, if IP Multicast is enabled and there is an IP 
multicast group within the reserved address range, traffic to that group will 
be flooded instead of filtered by the switch. 


Number of IP Multicast Addresses Allowed 


Multicast filters and IGMP filters (addresses) together can total up to 255 in 
the switch. If multiple VLANs are configured, then each filter is counted once 
per VLAN in which it is used. 
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Overview 


STP Features 


802.1D Spanning Tree 
Protocol 


Default 
Menu 
CLI 
Web 


viewing the STP 
configuration 


enable/disable STP 


reconfiguring general 
operation 


reconfiguring per-port STP 


monitoring STP 


802.1D Spanning Tree 
Protocol 


Viewing the RSTP/STP 
configuration 


enable/disable RSTP/STP 
(RSTP is selected as the 
default protocol) 


n/a 


disabled 


priority: 32768 
max age: 20 s 
hello time: 2 s 
fwd. delay: 15 s 


path cost: var 
priority: 128 
mode: norm 


n/a 


Default 


disabled 


page 14-18 page 14-10 
— 


page 14-18 page 14-22 page 14-40 


page 14-18 page 14-23 


page 14-18 page 14-24 


page B-17 page B-17 
n/a 


Menu 
CLI 
Web 


page 14-16 page 14-10 
n/a 


page 14-16 page 14-11 page 14-17 


reconfiguring whole-switch Protocol Version: RSTP page 14-16 page 14-12 
n/a 


values 


reconfiguring per-port 
values 


Force Version: 
RSTP-operation 


Switch Priority: 8 
Hello Time: 2 s 
Max Age: 20 s 
Forward Delay: 15 s 


Path Cost: 
Depends on port 
type 


Priority: 8 
Edge Port: Yes 
Point-to-point: 
Force-true 


MCheck: Yes 


page 14-16 page 14-14 
n/a 
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Overview 


Use spanning tree to ensure that only one active path at a time exists between 
any two nodes on the network. In networks where there is more than one 
physical, active path between any two nodes, enabling spanning tree ensures 
a single active path between such nodes by blocking all redundant paths. 
Without spanning tree, having more than one active path between a pair of 
nodes causes loops in the network, which can result in duplication of mes­ 
sages, leading to a “broadcast storm” that can bring down the network. 


Not e	 
You should enable spanning tree operation in any switch that is part of a 
redundant physical link (loop topology). (It is recommended that you do so 
on all switches belonging to a loop topology.) This topic is covered in more 
detail under “How Spanning Tree Operates” on page 14-4. 


As recommended in the IEEE 802.1Q VLAN standard, the switch uses single- 
instance STP. (As a result, the switch generates untagged Bridge Protocol 
Data Units—BPDUs.) This implementation creates a single spanning tree to 
make sure there are no network loops associated with any of the connections 
to the switch, regardless of whether multiple VLANs are configured on the 
switch. Thus, these switches do not distinguish between VLANs when identi­ 
fying redundant physical links. If VLANs are configured on the switch, see 
“Spanning Tree Operation with VLANs” on page 12-30. 
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How Spanning Tree Operates 


The switch automatically senses port identity and type, and automatically 
defines spanning-tree parameters for each type, as well as parameters that 
apply across the switch. You can use the default values for these parameters, 
or adjust them as needed. 


While allowing only one active path through a network at any time, spanning 
tree retains any redundant physical path to serve as a backup (blocked) path 
in case the existing active path fails. Thus, if an active path fails, spanning tree 
automatically activates (unblocks) an available backup to serve as the new 
active path for as long as the original active path is down. For example, see 
the illustration on the next page. 


node 
A 


switch A 


node 
B 


switch D 
switch B 
switch C 


1 
path cost: 
100 


3 
path cost: 100 


4 
path cost:200 


• Active path from node A to node B: 1—> 3 
• Backup (redundant) path from node A to node B: 4 —> 2 —> 3 


2 
path cost: 100 


Figure 14-1. General Example of Redundant Paths Between Two Nodes 


In the factory default configuration, spanning tree operation is off. If a redun­ 
dant link (loop) exists between nodes in your network, you should enable the 
spanning tree operation of your choice. 


Not e	 
Spanning tree retains its current parameter settings when disabled. Thus, if 
you disable spanning tree, then later re-enable it, the parameter settings will 
be the same as before spanning tree was disabled. 
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Spanning Tree Operation with 802.1Q VLANs. As recommended in the 
IEEE 802.1Q VLAN standard, when spanning tree is enabled on the switch, a 
single spanning tree is configured for all ports across the switch, including 
those in separate VLANs (that is, single-instance spanning tree, which gener­ 
ates untagged BPDUs). This means that if redundant physical links exist in 
separate VLANs, spanning tree will block all but one of those links. However, 
if you need to use spanning tree on the switch in a VLAN environment with 
redundant physical links, you can prevent blocked redundant links by using 
a port trunk. The following example shows how you can use a port trunk with 
802.1Q (tagged) VLANs and spanning tree without unnecessarily blocking any 
links or losing any bandwidth. 


Problem: 
STP enabled with 2 
separate (non-trunked) 
links blocks a VLAN link. 


Solution: 
STP enabled with 
one trunked link. 


Nodes 1 and 2 cannot 
communicate because 
STP is blocking the link. 


Nodes 1 and 2 can communicate because STP 
sees the trunk as a single link and 802.1Q (tagged) 
VLANs enable the use of one (trunked) link for 
both VLANs. 


Figure 14-2. Example of Using a Trunked Link with STP and VLANs 


For more information, refer to “Spanning Tree Operation with VLANs” on page 
12-30. 
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Spanning Tree Options: RSTP (802.1w) 
and STP (802.1D) 


RSTP (802.1w) 


The IEEE 802.1D version of spanning tree (STP) can take a fairly long time to 
resolve all the possible paths and to select the most efficient path through the 
network. The IEEE 802.1w Rapid Reconfiguration Spanning Tree (RSTP) 
significantly reduces the amount of time it takes to establish the network path. 
The result is reduced network downtime and improved network robustness. 


In addition to faster network reconfiguration, RSTP also implements greater 
ranges for port path costs to accommodate the higher and higher connection 
speeds that are being implemented. 


RSTP is designed to be compatible with IEEE 802.1D STP, and HP recom­ 
mends that you employ it in your network. For more information, refer to 
“Transitioning from STP to RSTP” on page 14-8. 


STP (802.1D) 


The IEEE 802.1D version of spanning tree has been in wide use and can coexist 
in a network in which RSTP (802.1w) has been introduced. if your network 
currently uses 802.1D STP and you are not yet ready to implement RSTP, you 
can apply STP to the switch until such time as you are ready to move ahead 
with RSTP. STP offers the full range of STP features found in earlier product 
releases, including: 


■	 
STP Fast Mode for Overcoming Server Access Failures: If an end 
node is configured to automatically access a server, the duration of the 
STP startup sequence can result in a “server access failure”. On ports 
where this is a problem, configuring STP Fast Mode can eliminate the 
failure. For more information, see “STP Fast Mode” on page 14-25. The 
next sections describe how to configure STP on the switch. For more 
information on STP operation, see “HowSpanning Tree Operates” on page 
14-4. 


■	 
Fast-Uplink STP for Improving the Recovery (Convergence) Time 
in Wiring Closet Switches with Redundant Uplinks: This means that 
a switch having redundant links toward the root device can decrease the 
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convergence time to a new uplink port to as little as ten seconds. For more 
information, refer to “Fast-Uplink Spanning Tree Protocol (STP)” on page 
14-26. 


C a u t i o n 
Because the switch automatically gives faster links a higher priority, the 
default STP parameter settings are usually adequate for spanning tree 
operation. Also because incorrect STP settings can adversely affect network 
performance, you should not make changes unless you have a strong under- 
standing of how STP operates. For more on STP, see the IEEE 802.1D standard. 


Configuring Rapid Reconfiguration 
Spanning Tree (RSTP) 


This section describes the operation of the IEEE 802.1w Rapid Spanning Tree 
Protocol (RSTP). The next table shows where you can find information on 
specific features. 


RSTP Feature 
Default 
Menu 
CLI 
Web 


Viewing the RSTP/STP configuration 
n/a 


enable/disable RSTP/STP 
disabled 
(RSTP is selected as the default protocol) 


reconfiguring whole-switch values 
Protocol Version: RSTP 


page 14-16 page 14-10 
n/a 


page 14-16 page 14-11 page 14-17 


page 14-16 page 14-12 
n/a 


page 14-16 page 14-14 
n/a 
reconfiguring per-port values 


Force Version:
 


Switch Priority: 


Hello Time:
 


Max Age:
 


Forward Delay: 


Path Cost: 


Priority:
 


Edge Port:
 


Point-to-point: 



MCheck: 



RSTP-operation
 


8
 


2 s
 


20 s
 


15 s
 


depends on port 
type 


8
 


Yes
 


Force-true
 


Yes
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As indicated in the manual, the spanning tree protocol is used to ensure that 
only one active path at a time exists between any two end nodes in the network 
in which your switch is installed. Multiple paths cause a loop in the network 
over which broadcast and multicast messages are repeated continuously, 
which floods the network with traffic creating a broadcast storm. 


In networks where there is more than one physical path between any two 
nodes, enabling spanning tree ensures a single active path between two such 
nodes by selecting the one most efficient path and blocking the other redun­ 
dant paths. If a switch or bridge in the path becomes disabled, spanning tree 
activates the necessary blocked segments to create the next most efficient 
path. 


Transitioning from STP to RSTP 


IEEE 802.1w RSTP is designed to be compatible with IEEE 802.1D STP. Even 
if all the other devices in your network are using STP, you can enable RSTP 
on your switch, and even using the default configuration values, your switch 
will interoperate effectively with the STP devices. If any of the switch ports 
are connected to switches or bridges on your network that do not support 
RSTP, RSTP can still be used on this switch. RSTP automatically detects when 
the switch ports are connected to non-RSTP devices in the spanning tree and 
communicates with those devices using 802.1D STP BPDU packets. 


Because RSTP is so much more efficient at establishing the network path, it 
is highly recommended that all your network devices be updated to support 
RSTP. RSTP offers convergence times of less than one second under optimal 
circumstances. To make the best use of RSTP and achieve the fastest possible 
convergence times, though, there are some changes that you should make to 
the RSTP default configuration. See “Optimizing the RSTP Configuration” 
below, for more information on these changes. 


Not e	 
Under some circumstances, it is possible for the rapid state transitions 
employed by RSTP to result in an increase in the rates of frame duplication 
and misordering in the switched LAN. In order to allow RSTP switches to 
support applications and protocols that may be sensitive to frame duplication 
and misordering, setting the Force Protocol Version parameter to STP-com- 
patible allows RSTP to be operated with the rapid transitions disabled. The 
value of this parameter applies to all ports on the switch. See information on 
Force Version on page 14-12. 


As indicated above, one of the benefits of RSTP is the implementation of a 
larger range of port path costs, which accommodates higher network speeds. 
New default values have also been implemented for the path costs associated 
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with the different network speeds. This can create some incompatibility 
between devices running the older 802.1D STP and your switch running RSTP. 
Please see the “Note on Path Cost” on page 14-15 for more information on 
adjusting to this incompatibility. 


Configuring RSTP 


The default switch configuration has spanning tree disabled with RSTP as the 
selected protocol. That is, when spanning tree is enabled, RSTP is the version 
of spanning tree that is enabled, by default. 


Optimizing the RSTP Configuration 


To optimize the RSTP configuration on your switch, follow these steps (note 
that for the Menu method, all of these steps can be performed at the same 
time by making all the necessary edits on the “Spanning Tree Operation” 
screen and then saving the configuration changes): 


1. 
Set the switch to support RSTP (RSTP is the default): 


CLI: spanning-tree protocol-version rstp 


Menu: Main Menu —> 2. Switch Configuration —> 4. Spanning Tree 
Operation —> select Protocol Version: RSTP 


2.	 
Set the “point-to-point-mac” value to false on all ports that are connected 
to shared LAN segments (that is, to connections to hubs): 


CLI: spanning-tree [ethernet] <port-list> point-to-point-mac force-false 


Menu: Main Menu —> 2. Switch Configuration —> 4. Spanning Tree 
Operation —> for each appropriate port, select Point-to-Point: Force-False 


3.	 
Set the “edge-port” value to false for all ports connected to other switches, 
bridges, and hubs: 


CLI: no spanning-tree [ethernet] <port-list> edge-port 


Menu: Main Menu —> 2. Switch Configuration —> 4. Spanning Tree 
Operation —> for each appropriate port, select Edge: No 


4.	 
Set the “mcheck” value to false for all ports that are connected to devices 
that are known to be running IEEE 802.1D spanning tree: 


CLI: no spanning-tree [ethernet] <port-list> mcheck 


Menu: Main Menu —> 2. Switch Configuration —> 4. Spanning Tree 
Operation —> for each appropriate port, select MCheck: No 
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5. 
Enable RSTP Spanning Tree: 


CLI: spanning-tree 


Menu: Main Menu —> 2. Switch Configuration —> 4. Spanning Tree 
Operation —> select
 
STP Enabled: Yes
 


CLI: Configuring RSTP 


Spanning Tree Commands in This Section 
Applicable 
Location 


Protocol 
Version 


show spanning-tree config 


spanning-tree
 


protocol-version <rstp | stp>
 


force-version <rstp-operation | stp-compatible>
 


forward-delay <4 - 30>
 


hello-time <1 - 10>
 


maximum-age <6 - 40>
 


priority <0 - 15 | 0 - 65535>
 


<[ethernet] port-list>
 


path-cost <1 - 200 000 000>
 


priority <0 - 15 | 0 - 65535>
 


edge-port
 


point-to-point-mac
 


mcheck
 


mode <norm | fast>
 


show spanning-tree 


both
 


both
 


both
 


RSTP
 


both
 


both
 


both
 


RSTP | STP
 


both
 


both
 


RSTP | STP
 


RSTP
 


RSTP
 


RSTP
 


STP
 


Below on this page 


page 14-11 


page 14-12 


page 14-12 


page 14-12 


page 14-12 


page 14-12 


page 14-12 


page 14-14 


page 14-14 


page 14-14 


page 14-14 


page 14-14 


page 14-14 


Referto “802.1D Spanning-Tree Protocol (STP)” 
on page 14-18. 


This command lists additional RSTP/STP monitoring data that is 
not covered in this section. See “Spanning Tree Protocol 
Information” in appendix B, “Monitoring and Analyzing Switch 
Operation” 


Viewing the Current Spanning Tree Configuration. Even if spanning 
tree is disabled (the default configuration), the show spanning-tree config 
command lists the switch’s full spanning tree configuration, including whole- 
switch and per-port settings. 


Syntax: 
show spanning-tree configuration 


Abbreviation: 
sho span config 
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In the default configuration, the output from this command appears similar to 
the following: 


Figure 14-3. Example of the Spanning Tree Configuration Display 


Enabling or Disabling RSTP. Issuing the command to enable spanning 
tree on the switch implements, by default, the RSTP version of spanning tree 
for all physical ports on the switch. Disabling spanning tree removes protec­ 
tion against redundant network paths. 


Syntax: [no] spanning-tree 


Abbreviation: [no] span 


This command enables spanning tree with the current parameter settings or 
disables spanning tree, using the “no” option, without losing the most-recently 
configured parameter settings. 
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Enabling STP Instead of RSTP. If you decide, for whatever reason, that 
you would prefer to run the IEEE 802.1D (STP) version of spanning tree, then 
issue the following command: 


Syntax: spanning-tree protocol-version stp 


Abbreviation: span prot stp 


For the STP version of spanning tree, the rest of the information in this section 
does not apply. Refer to “802.1D Spanning-Tree Protocol (STP)” on page 14-18 
for more information on the STP version and its parameters. 


Reconfiguring Whole-Switch Spanning Tree Values. You can configure 
one or more of the following parameters, which affect the spanning tree 
operation of the whole switch: 


Table 14-1.Whole-Switch RSTP Parameters 


Parameter 
Default 
Description 


protocol-version RSTP	 
Identifies which of the spanning tree protocols will be used when spanning tree 
is enabled on the switch. 


force-version 
rstp-operation	 
Sets the spanning tree compatibility mode. Even if rstp-operation is selected 
though, if the switch detects STP BPDU packets on a port, it will communicate 
to the attached device using STP BPDU packets. 
If errors are encountered, as described in the Note on page 8, the Force-Version 
value can be set to stp-compatible, which forces the switch to communicate 
out all ports using operations that are compatible with IEEE 802.1D STP. 


priority 
32768 
Specifies the protocol value used along with the switch MAC address to 


(8 as a step value) determine which device in the spanning tree is the root. The lower the priority 


value, the higher the priority. 
The value you enter has changed from the STP value. The range is 0 - 61440, but 
for RSTP the value is entered as a multiple (a step) of 4096. You enter a value in 
the range 0 - 15. The default value of 32768 is derived by the default setting of 8. 
Displaying the RSTP configuration (show spanning-tree config) shows 8, but 
displaying the RSTP operation (show spanning-tree) shows 32768. 


*maximum-age 
20 seconds	 
Sets the maximum age of received spanning tree information before it is 
discarded. The range is 6 to 40 seconds. 


*hello-time 
2 seconds	 
Sets the time between transmission of spanning tree messages. Used only when 
this switch is the root. The range is 1 to 10 seconds. 


*forward-delay 
15 seconds	 
Sets the time the switch waits between transitioning ports from listening to 
learning and from learning to forwarding states. The range is 4 to 30 seconds. 


*These parameters are the same for RSTP as they are for STP. The switch uses its own maximum-age, hello-time, and 
forward-delay settings only if it is operating as the root device in the spanning tree. If another device is the root device, 
then the switch uses the other device’s settings for these parameters. 
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Not e	 
Executing the spanning-tree command alone enables spanning tree. Executing 
the command with one or more of the whole-switch RSTP parameters shown 
in the table on the previous page, or with any of the per-port RSTP parameters 
shown inthe table on page 14, does not enable spanning tree. It only configures 
the spanning tree parameters, regardless of whether spanning tree is actually 
running (enabled) on the switch. 


Using this facility, you can completely configure spanning tree the way you 
want and then enable it. This method minimizes the impact on the network 
operation. 


Syntax: 


spanning-tree 
protocol-version <rstp | stp> 
force-version <rstp-operation | stp-compatible> 
priority <0 - 15> 
maximum-age <6 - 40 seconds> 
hello-time <1- 10 seconds> 
forward-delay <4 - 30 seconds> 


Defaults: see the table on the previous page. 


Abbreviations: 


span 
prot <rstp | stp> 
forc <rstp | stp> 
pri <0 - 15> 
max <6 - 40> 
hello <1 - 10> 
forw <4 - 30> 


Multiple parameters can be included on the same command line. For example, 
to configure a maximum-age of 30 seconds and a hello-time of 3 seconds, you 
would issue the following command: 


HPswitch (config)# span max 30 hello 3
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Reconfiguring Per-Port Spanning Tree Values. You can configure one or 
more of the following parameters, which affect the spanning tree operation 
of the specified ports only: 


Table 14-2.Per-Port RSTP Parameters 


Parameter 
Default 
Description 


edge-port 
Yes	 
Identifies ports that are connected to end nodes. During spanning tree 
establishment, these ports transition immediately to the Forwarding state. 
In this way, the ports operate very similarly to ports that are configured in “fast 
mode” under the STP implementation in previous HP switch software. 
Disable this feature on all switch ports that are connected to another switch, or 
bridge, or hub. Use the “no” option on the spanning tree command to disable 
edge-port. 


mcheckt 
Yes	 
Ports with mcheck set to true are forced to send out RSTP BPDUs for 3 seconds. 
This allows for switches that are running RSTP to establish their connection 
quickly and for switches running 802.1D STP to be identified. 
If the whole-switch parameter Force-Version is set to “stp-compatible”, the 
mcheck setting is ignored and STP BPDUs are sent out all ports. 
Disable this feature on all ports that are known to be connected to devices that 
are running 802.1D STP. Use the “no” option on the spanning tree command to 
disable mcheck. 


path-cost	 
10 Mbps – 2 000 000 
Assigns an individual port cost that the switch uses to determine which ports 


100 Mbps – 200 000 
are the forwarding ports. The range is 1 to 200,000,000 or auto. 


1 Gbps – 20 000	 
By default, this parameter is automatically determined by the port type, as shown 
by the different default values. If you have previously configured a specific value 
for this parameter, you can issue the command with the auto option to restore 
the automatic setting feature. 
Please see the Note on Path Cost on page 14-15 for information on compatibility 
with devices running 802.1D STP for the path cost values. 


point-to- 
force-true 
This parameter is used to tell the port if it is connected to a point-to-point link, 


point-mac 
such as to another switch or bridge or to an end node (force-true). 
This parameter should be set to force-false for all ports that are connected to a 
hub, which is a shared LAN segment. 
You can also set this parameter to auto and the switch will automatically set the 
force-false value on all ports that it detects are not running at full duplex. All 
connections to hubs are not full duplex. 


priority	 
128 
This parameter is used by RSTP to determine the port(s) to use for forwarding. 


(8 as a step value) 
The port with the lowest number has the highest priority. 
The range is 0 to 240, but you configure the value by entering a multiple of 16. 
You enter a value in the range 0 - 15. The default value of 128 is derived by the 
default setting of 8. 
Displaying the RSTP configuration (show spanning-tree config) shows 8, but 
displaying the RSTP operation (show spanning-tree) shows 128. 
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Syntax: 


spanning-tree [ethernet] <port-list> 
path-cost <1 - 200000000> 
point-to-point-mac <force-true | force-false | auto> 
priority <0 - 15> 


[no] spanning-tree [ethernet] <port-list> 
edge-port 
mcheck 


Defaults: see the table on the previous page. 


Abbreviations:	 


span <port-list> 
path <1 - 200000000> 
forc <force-t | force-f | auto> 
pri <0 - 15> 


[no] span <port-list> 
edge 
mch 


Note on Path Cost	 
RSTP implements a greater range of path costs and new default path cost 
values to account for higher network speeds. These values are different than 
the values defined by 802.1D STP as shown below. 


Port Type 
802.1D STP Path Cost 
RSTP Path Cost 


10 Mbps 
100 
2 000 000 


100 Mbps 
10 
200 000 


1 Gbps 
5 
20 000 


10 Gbps 
? 
2000 


Because the maximum value for the path cost allowed by 802.1D STP is 65535, 
devices running that version of spanning tree cannot be configured to match 
the values defined by RSTP, at least for 10 Mbps and 100 Mbps ports. In LANs 
where there is a mix of devices running 802.1D STP and RSTP, you should 
reconfigure the devices so the path costs match for ports with the same 
network speeds. 
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Menu: Configuring RSTP 


1.	 
From the console CLI prompt, enter the menu command. 


HPswitch# menu 


2. 
From the switch console Main Menu, select 


2. Switch Configuration ... 


4. Spanning Tree Operation 


3. 
Press [E] (for Edit) to highlight the Protocol Version parameter field. 


4.	 
Press the Space bar to select the version of spanning tree you wish to run: 
RSTP or STP. 


Note: If you change the protocolversion, you will have to reboot the switch 
for the change to take effect. See step 9 and step 10. 


5.	 
Press the [Tab] or down arrow key to go to the STP Enabled field. Note that 
when you do this, the remaining fields on the screen will then be appro­ 
priate for the version of spanning tree that was selected in step 3. The 
screen image below is for RSTP. 


6. 
Press the Space bar to select Yes to enable spanning tree. 


Figure 14-4. Example of the RSTP Configuration Screen 


14-16 


802.1w Rapid Spanning Tree Protocol (RSTP) and 802.1d Spanning Tree Protocol (STP) 


Configuring Rapid Reconfiguration Spanning Tree (RSTP) 


7.	 
Press the [Tab] key or use the arrow keys to go to the next parameter you 
want to change, then type in the new value or press the Space bar to select 
a value. (To get help on this screen, press [Enter] to select the Actions –> 
line, then press [H], for Help, to display the online help.) 


8. 
Repeat step 6 for each additional parameter you want to change. 


Please see “Optimizing the RSTP Configuration” on page 14-9 for recom­ 
mendations on configuring RSTP to make it operate the most efficiently. 


9.	 
When you are finished editing parameters, press [Enter] to return to the 
Actions –> line and press [S] to save the currently displayed spanning tree 
settings and return to the Main Menu. 


10.	 If you have changed the Protocol Version, in step 1, reboot the switch now 
by selecting 


6. Reboot Switch 


Web: Enabling or Disabling RSTP 


In the web browser interface, you can enable or disable spanning tree on the 
switch. If the default configuration is in effect such that RSTP is the selected 
protocol version, enabling spanning tree through the web browser interface 
will enable RSTP with its current configuration. To configure the other span­ 
ning tree features, telnet to the switch console and use the CLI or menu. 


To enable or disable spanning tree using the web browser interface: 


1. 
Click on the Configuration tab. 


2. 
Click on Device Features. 


3. 
Enable or disable spanning tree. 


4. 
Click on Apply Changes to implement the configuration change. 
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802.1D Spanning-Tree Protocol (STP) 


Menu: Configuring 802.1D STP 


1. 
From the Main Menu, select: 


2. Switch Configuration . . . 


4. Spanning Tree Operation 


Use this field to select the 802.1D version of STP. 


Figure 14-5. The Default “Spanning Tree Operation” Screen 


2.	 
Press [E] (for Edit) to highlight the Protocol Version field. In the default 
configuration this field is set to RSTP. 


3.	 
Press the Space bar once to change the field to STP. This changes the 
Protocol Version selection to the 802.1D Spanning Tree Protocol. 


4. 
Press [v] to highlight the STP Enabled field. 


5.	 
Press the Space bar to select Yes . (Yes in this field means to enable 
spanning-tree operation.) 
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Use this field to enable spanning tree. 
Read-Only Fields 


Figure 14-6. Enabling Spanning-Tree Operation 


6.	 
If the remaining STP parameter settings are adequate for your network, 
go to step 10. 


7.	 
Use [Tab] or the arrow keys to select the next parameter you want to 
change, then type in the new value or press the Space Bar to select a value. 
(If you need information on STP parameters, press [Enter] to select the 
Actions line, then press [H] to get help.) 


8. 
Repeat step 7 for each additional parameter you want to change. 


Note: For information on the Mode parameter, see “STP Fast Mode” on 
page 14-25. 


9.	 
When you are finished editing parameters, press [Enter] to return to the 
Actions line. 


10.	 Press [S] to save the currently displayed STP parameter settings. You will 
then see the “Switch Configuration Menu” with an asterisk (*) at the 
Spanning Tree Operation line, indicating that you must reboot the switch 
before the Protocol Version change (step 5) takes effect. 
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Figure 14-7. The Configuration Menu Indicating a Reboot Is Needed to Implement a 
Configuration Change 


11. Press [0] to return to the Main menu. 


Figure 14-8. 	The Main Menu Indicating a Reboot Is Needed To Implement a 
Configuration Change 


12.	 Press [6] to reboot the switch. This implements the Protocol Version 
change (steps 2 and 3 on page 14-18). 
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CLI: Configuring 802.1D STP 


STP Commands Used in This Section 


show spanning-tree config 
Below 


spanning-tree 


protocol-version 
page 14-22 


forward-delay <4 - 30> 
page 14-23 


hello-time <1 - 10> 
page 14-23 


maximum-age <6 - 40> 
page 14-23 


priority <0 - 65535> 
page 14-23 


ethernet <port-list> 
page 14-24 


path-cost <1 - 65535> 
page 14-24 


priority <0 - 255> 
page 14-24 


mode <norm | fast> 
page 14-24 


show spanning tree	 
Lists additional STP data not covered in this chapter. See 
“Spanning Tree Protocol (STP) Information” on page B-17 


Viewing the Current STP Configuration. Regardless of whether STP is 
disabled (the default), this command lists the switch’s full STP configuration, 
including general settings and port settings. 


Syntax: 
show spanning-tree config 


When the switch is configured for 802.1D STP, this command displays infor­ 
mation similar to the following: 


Command Listing when 
STP is the Protocol Version 
(See also page 14-10 


Figure 14-9. Example of the Default STP Configuration Listing with 802.1D STP 
Configured at the Protocol Version 
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Configuring the Switch To Use the 802.1D Spanning Tree Protocol 
(STP). In the default configuration, the switch is set to RSTP (that is, 802.1w 
Rapid Spanning Tree), and spanning tree operation is disabled. To reconfigure 
the switch to 802.1D spanning tree, you must: 


1. 
Change the spanning tree protocol version to stp. 


2. 
Use write memory to save the change to the startup-configuration. 


3. 
Reboot the switch. 


4.	 
If you have not previously enabled spanning-tree operation on the switch, 
use the spanning-tree command again to enable STP operation. 


Syntax:	 
spanning-tree protocol-version stp 
write memory 
boot 


For example: 


Figure 14-10. Steps for Changing Spanning-Tree Operation to the 802.1D Protocol 


Enabling (or Disabling) Spanning Tree Operation on the Switch.	 


This command enables (or disables) spanning tree operation for either span­ 
ning tree version—STP/802.1D or RSTP/802.1w (thedefault). Before using this 
command, ensure that the version of spanning tree you want to use is active 
on the switch. (See the preceding topic, “Configuring the Switch To Use the 
802.1D Spanning Tree Protocol (STP)” on page 14-22.) 


Syntax: 
[ no ] spanning-tree 


Default: 
Disabled 


For example: 


HPswitch spanning-tree
 


Enabling STP implements the spanning tree protocol for all physical ports on 
the switch, regardless of whether multiple VLANs are configured. Disabling 
STP removes protection against redundant loops that can significantly slow 
or halt a network. 


14-22 


802.1w Rapid Spanning Tree Protocol (RSTP) and 802.1d Spanning Tree Protocol (STP) 


802.1D Spanning-Tree Protocol (STP) 


This command enables STP with the current parameter settings or disables 
STP withoug losing the most-recently configuredparameter settings.(Tolearn 
how the switch handles parameter changes, how to test changes without 
losing the previous settings, and how to replace previous settings with new 
settings, see Chapter 6, “Switch Memory and Configuration”.) When enabling 
STP, you can also include the STP general and per-port parameters described 
in the next two sections. When you use the “no” form of the command, you 
can do so only to disable STP. (STP parameter settings are not changed when 
you disable STP.) 


C a u t i o n 
Because incorrect STP settings can adversely affect network performance, 
HP recommends that you use the default STP parameter settings. You should 
not change these settings unless you have a strong understanding of how STP 
operates. For more on STP, see the IEEE 802.1D standard. 


Reconfiguring General STP Operation on the Switch. You can config­ 
ure one or more of the following parameters: 


Table 14-3. General STP Operating Parameters 


Name 
Default 
Range 
Function 


priority 
32768 
0 - 65535	 Specifies the priority value used along with the 
switch MAC address to determine which device is 
root. The lower a priority value, the higher the 
priority. 


*maximum-age 
20 seconds 6 - 40 
Maximum received message age the switch 
seconds allows for STP information before discarding the 
message. 


*hello-time 
2 seconds 
1 - 10	 
Time between messages transmitted when the 
switch is the root. 


*forward-delay 
15 seconds 4 - 30 


seconds 


Time the switch waits before transitioning from the 
listening to the learning state, and between the 
learning state to the forwarding state. 


*The switch uses its own maximum-age, hello-time, and forward-delay settings only if it is 
operating as the root device. If another device is operating as the root device, then the switch 
uses the other device’s settings for these parameters. 
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Not e	 
Executing spanning-tree alone enables STP. Executing spanning-tree with one 
or more of the above “STP Operating Parameters” does not enable STP. It only 
configures the STP parameters (regardless of whether STP is actually running 
(enabled) on the switch). 


Syntax: 
spanning-tree 
priority < 0 - 65355 > 
maximum-age < 6 - 40 seconds > 
hello-time < 1 - 10 seconds > 
forward-delay < 4 - 30 seconds > 


Default: 
See table 14-3 on page 14-23. 


For example, to configure a maximum-age of 30 seconds and a hello-time of 3 
seconds for STP: 


HPswitch(config)# spanning-tree maximum-age 30 
hello-time 3
 


Reconfiguring Per-Port STP Operation on the Switch. This command 
enables STP (if not already enabled) and configures the following per-port 
parameters: 


Table 14-4. Per-Port STP Parameters 


Name 
Default 
Range 
Function 


path-cost Ethernet: 100 
1 - 65535 Assigns an individual port cost that the switch uses 


10/100Tx: 10 
100 Fx: 
10 
Gigabit: 
5 


to determine which ports are the forwarding ports. 


priority 
128 
0 - 255	 
Used by STP to determine the port(s) to use for 
forwarding. The port with the lowest number has 
the highest priority. 


mode 
norm 
norm 
Specifies whether a port progresses through the 


- or - 
listening, learning, and forwarding (or blocking) 


fast 
states (“norm” mode) or transitions directly to the 


- or - 
forwarding state (“fast” mode). 


uplink 
• For information on when to use Fast mode, see 


“STP Fast Mode” on page 14-25.) 


• For information on Uplink mode, see “Fast- 


Uplink Spanning Tree Protocol (STP)” on page 
14-26 


You can also include STP general parameters in this command. See “Recon­ 
figuring General STP Operation on the Switch” on page 14-23. 
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Syntax: 
spanning-tree [ethernet] < port-list > 
path-cost < 1 - 65535 > 
priority < 0 - 255 > 
mode < norm | fast > 


Default: 
See table 14-4 on page 14-24. 


For example, the following configures ports C5 and C6 to a path cost of 15, a 
priority of 100, and fast mode: 


HPswitch(config)# spanning-tree c5-c6 path-cost 15
 
priority 100 mode fast
 


STP Fast Mode 


For standard STP operation, when a network connection is established on a 
device that is running STP, the port used for the connection goes through a 
sequence of states (Listening and Learning) before getting to its final state 
(Forwarding or Blocking, as determined by the STP negotiation). This 
sequence takes two times the forward delay value configured for the switch. 
The default is 15 seconds on HP switches, per the IEEE 802.1D standard 
recommendation, resulting in a total STP negotiation time of 30 seconds. Each 
switch port goes through this start-up sequence whenever the network con­ 
nection is established on the port. This includes, for example, when the switch 
or connected device is powered up, or the network cable is connected. 


A problem can arise from this long STP start-up sequence because some end 
nodes are configured to automatically try to access a network server when- 
ever the end node detects a network connection. Typical server access 
includes to Novell servers, DHCP servers, and X terminal servers. If the server 
access is attempted during the time that the switch port is negotiating its STP 
state, the server access will fail. To provide support for this end node behavior, 
the switch offers a configuration mode, called “Fast Mode”, that causes the 
switch port to skip the standard STP start-up sequence and put the port 
directly into the “Forwarding” state, thus allowing the server access request 
to be forwarded when the end node needs it. 


If you encounter end nodes that repeatedly indicate server access failure when 
attempting to bring up their network connection, and you have enabled STP 
on the switch, try changing the configuration of the switch ports associated 
with those end nodes to STP Fast Mode. 
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C a u t i o n 
The Fast Mode configuration should be used only on switch ports connected 
to end nodes. Changing the Mode to Fast on ports connected to hubs, switches, 
or routers may cause loops in your network that STP may not be able to 
immediately detect, in all cases. This will cause temporary loops in your 
network. After the fast start-up sequence, though, the switch ports operate 
according to the STP standard, and will adjust their state to eliminate continu­ 
ing network loops. 


To Enable or Disable Fast Mode for a Switch Port: 


You can use either the CLI or the menu interface to toggle between STP Fast 
mode and STP Normal mode. (To use the menu interface, see “Menu: Config­ 
uring 802.1D STP” on page 14-18.) 


Syntax: 
spanning-tree <port list> mode <fast | norm> 


For example, to configure Fast mode for ports C1-C3 and C5: 


HPswitch(config)# spanning-tree c1-c3,c5 mode fast
 


Fast-Uplink Spanning Tree Protocol (STP) 


Fast-Uplink STP is an option added to the switch’s 802.1D STP to improve the 
recovery (convergence) time in wiring closet switches with redundant 
uplinks. Specifically, a switch having redundant links toward the root device 
can decrease the convergence time (or failover) to a new uplink (STP root) 
port to as little as ten seconds. To realize this performance, the switch must be: 


■	 
Used as a wiring closet switch (also termed an edge switch or a leaf 
switch). 


■	 
Configured for fast-uplink STP mode on two or more ports intended for 
redundancy in the direction of the root switch, so that at any time only 
one of the redundant ports is expected to be in the forwarding state. 


Not e	 
Fast-Uplink STP operates only with 802.1D STP and is not available with the 
Rapid STP (802.1w) feature (page 14-7). 
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C a u t i o n 
In general, fast-uplink spanning tree on the switch is useful when running STP 
in a tiered topology that has well-defined edge switches. Also, ensure that an 
interior switch is used for the root switch and for any logical backup root 
switches. You can accomplish this by using the Spanning Tree Priority (some- 
times termed bridge priority) settings that define the primary STP root switch 
and at least one failover root switch (in the event that the primary root switch 
fails). Inappropriate use of Fast-Uplink STP can cause intermittant loops in a 
network topology. For this reason, the Fast-Uplink STP feature should be used 
only by experienced networkadministrators who have a strong understanding 
of the IEEE 802.1D standard and STP interactions and operation. If you want 
to learn more about STP operation, you may find it helpful to refer to 
publications such as: 


Perlman, Radia, Interconnections, Second Edition; Bridges, Routers, 
Switches, and Internetworking Protocols, Addison-Wesley Professional 
Computing Series, October 1999 


Not e	 
When properly implemented, fast-uplink STP offers a method for achieving 
faster failover times than standard STP, and is intended for this purpose for 
instances where 802.1D STP has been chosen over 802.1w RSTP. 


To use fast-uplink STP, configure fast-uplink (Mode = Uplink) only on the 
switch’s upsteam ports; (that is, two or more ports forming a group of 
redundant links in the direction of the STP root switch). If the active link in 
this group goes down, fast-uplink STP selects a different upstream port as the 
root port and resumes moving traffic in as little as ten seconds. The device(s) 
on the other end of the links must be running STP. However, because fast 
uplink should be configured only on the switch’s uplink ports, the device(s) 
on the other end of the links can be either HP devices or another vendor’s 
devices, regardless of whether they support fast uplink. For example: 


• STP is running on both switches. 


• Port "A" and port "B" are both configured for 
fast-uplink STP (Mode = Uplink). 


STP Root 
Switch 


HP 
Procurve 
Switch 
(Wiring 
Closet, or 
Edge 
Switch) 


LAN 


STP Blocking 


Port A is the STP root port. 


B 


Port B provides a backup redundant link. 
that becomes the new STP root port 
(uplink port) if the link through port A 


C 
A 
D 


E 


Figure 14-11. Example of How To Implement Fast-Uplink STP 
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Terminology 


Term 
Definition 


downlink port 
A switch port that is linked to a port on another switch (or to an end node) that is sequentially 


(downstream port) 
further away from the STP root device. For example, port "C" in figure 14-11, above, is a 
downlink port. 


edge switch	 
For the purposes of fast-uplink STP, this is a switch that has no other switches connected to 
its downlink ports. An edge switch is sequentially further from the root device than other 
switches to which it is connected. Also termed wiring closet switch or leaf switch. For 
example, switch "4" in figure 14-12 (page 28) is an edge switch. 


interior switch	 
In an STP environment, a switch that is sequentially closer to the STP root device than one 
or more other switches to which it is connected. For example, switches "1", "2", and "3" in 
figure 14-12 (page 28) are interior switches. 


single-instance spanning A single spanning-tree ensuring that there are no logical network loops associated with any 
of the connections to the switch, regardless of whether there are any VLANs configured on 
the switch. For more information, see "Spanning Tree Protocol (STP)" in chapter 9, "Configuring 
Advanced Features", in the Management and Configuration Guide for your switch. 


tree 


uplink port 
(upstream port) 


A switch port linked to a port on another switch that is sequentially closer to the STP root 
device. For example, ports "A" and "B" in figure 14-11 on page 27 are uplink ports. 


wiring closet switch 
Another term for an "edge" or "leaf" switch. 


When single-instance spanning tree (STP) is running in a network and a 
forwarding port goes down, a blocked port typically requires a period of 


(2 x (forward delay) + link down detection) 


to transition to forwarding. In a normal spanning tree environment, this 
transition is usually 30 seconds (with the Forward Delay parameter set to its 
default of 15 seconds). However, by using the fast-uplink spanning tree 
feature, a port on a switch used as an edge switch can make this transition in 
as little as ten seconds. (In an STP environment, an edge switch is a switch 
that is connected only to switches that are closer to the STP root switch than 
the edge switch itself, as shown by switch "4" in figure 14-12, below.) 


Switch 4 


(Edge) 


Switch 3 


Switch 1 


(Root) 


Switch 2 


Port 3 


Port 5 


Link blocked by STP: 


1 


6 
8 


LAN 


Figure 14-12. Example of an Edge Switch in a Topology Configured for STP Fast Uplink 


In figure 14-12, STP is enabled and in its default configuration on all switches, 
unless otherwise indicated in table 14-5, below: 
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Table 14-5. STP Parameter Settings for Figure 14-12 


STP Parameter 
Switch "1" 
Switch "2" 
Switch "3" 
Switch "4" 


Switch Priority 
01 
12 
32,768 (default) 
32,768 (default) 


(Fast) Uplink 
No 
No 
No 
Ports 3 & 5 


1This setting ensures that Switch "1" will be the primary root switch for STP in figure 14-12. 
2This setting ensures that Switch "2" will be the backup root switch for STP in figure 14-12. 


With the above-indicated topology and configuration: 


■	 
Scenario 1: If the link between switches "4" and "2" goes down, then the 
link between switches "4" and "3" will begin forwarding in as little as ten 
seconds. 


■ 
Scenario 2: If Switch "1" fails, then: 


• 
Switch "2" becomes the root switch. 


• 
The link between Switch "3" and Switch "2" begins forwarding. 


• 
The link between Switch "2" and the LAN begins forwarding. 


Operating Rules for Fast Uplink 


■	 
A switch with ports configured for fast uplink must be an edge switch and 
not either an interior switch or the STP root switch. 


Configure fast-uplink on only the edge switch ports used for providing 
redundant STP uplink connections in a network. (Configuring Fast-Uplink 
STP on ports in interior switches can create network performance prob­ 
lems.) That is, a port configured for STP uplink should not be connected 
to a switch that is sequentially further away from the STP root device. For 
example, switch "4" in figure 14-12 (page 14-28) is an edge switch. 


■	 
Configure fast uplink on a group (two or more) of redundant edge-switch 
uplink ports where only one port in the group is expected to be in the 
forwarding state at any given time. 


14-29 


802.1w Rapid Spanning Tree Protocol (RSTP) and 802.1d Spanning Tree Protocol (STP) 
802.1D Spanning-Tree Protocol (STP) 


■	 
Edge switches cannot be directly linked together using fast-uplink ports. 
For example, the connection between switches 4 and 5 in figure 14-13 is 
not allowed for fast-uplink operation. 


Switch 4 
(Edge) 


Switch 3 


Switch 1 


(Root) 


Switch 2 


Link blocked by STP: 


LAN 


Switch 5 
(Edge) 


The ports 
that make up 
this link 
cannot be 
configured 
as fast- 
uplink ports. 


Figure 14-13. Example of a Disallowed Connection Between Edge Switches 


■	 
Apply fast-uplink only on the uplink ports of an edge switch. For example, 
on switch "4" (an edge switch) in figure 14-13 above, only the ports 
connecting switch "4" to switches "2" and "3" are upstream ports that 
would use fast uplink. Note also that fast uplink should not be configured 
on both ends of a point-to-point link, but only on the uplink port of an edge 
switch. 


■	 
Ensure that the switch you intend as a backup root device will in fact 
become the root if the primary root fails, and that no ports on the backup 
root device are configured for fast-uplink operation. For example, if the 
STP Priority is the same on all switches—default: 32768—then the switch 
with the lowest MAC address will become the root switch. If that switch 
fails, then the switch with the next-lowest MAC address will become the 
root switch. Thus, you can use STP Priority to control which switch STP 
selects as the root switch and which switch will become the root if the 
first switch fails. 


■ 
Fast-Uplink STP requires a minimum of two uplink ports. 


Menu: Viewing and Configuring Fast-Uplink STP 


You can use the menu to quickly display the entire STP configuration and to 
make any STP configuration changes. 
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To View and/or Configure Fast-Uplink STP. This procedure uses the 
Spanning Tree Operation screen to enable STP and to set the Mode for fast- 
uplink STP operation. 


1. 
From the Main Menu select: 


2. Switch Configuration . . . 


4. Spanning Tree Operation 


2.	 
In the default STP configuration, RSTP is the selected protocol version. 
If this is the case on your switch, you must change the Protocol Version 
to STP in order to use Fast-Uplink STP: 


• If the Protocol Version is set to RSTP (the default, as shown in this 
example, go to step 3. 
• If the Protocol Version is set to STP, the rest of the screen will appear 
as shown in figure 14-16. In this case, go to step 4 on page 14-33. 


Figure 14-14. The Default STP Screen With the Protocol Version Field Set to "RSTP" 
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3.	 
If the Protocol Version is set to RSTP (as shown in figure 14-14), do the 
following: 


a. 
Press [E] (Edit) to move the cursor to the Protocol Version field. 


b. Press the Space bar once to change the Protocol Version field to STP. 


c. 
Press [Enter] to return to the command line. 


d.	 Press [S] (for Save) to save the change and exit from the Spanning Tree 
Operation screen. you will then see a screen with the following: 


The asterisk indicates 
that you must reboot the 
switch to implement the 
configuration change 
from RSTP to STP. 


Figure 14-15. Changing from RSTP to STP Requires a System Reboot 


e.	 
Press [0] (zero) to return to the Main Menu, then [6] to reboot the 
switch. 


f.	 
After you reboot the switch, enter the menu command at the CLI to 
return to the Main Menu, then select: 


2. Switch Configuration . . . 


4. Spanning Tree Operation 


You will then see the Spanning Tree screen with STP (802.1D) selected 
in the Protocol Version field (figure 14-16). 
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In this example, ports 2 and 3 have 
already been configured as a port 
trunk (Trk1), which appears at the end 
of the port listing. 


All ports (and the trunk) are in their 
default STP configuration. 


Note: In the actual menu screen, you 
must scroll the cursor down the port 
list to view the trunk configuration 
(ports A2 and A3). 


Figure 14-16. The Spanning Tree Operation Screen 


4.	 
On the ports and/or trunks you want to use for redundant fast uplink 
connections, change the mode to Uplink. In this example, port A1 and Trk1 
(using ports A2 and A3) provide the redundant uplinks for STP: 


a.	 
Press [E] (for Edit), then enable STP on the switch by using the Space 
bar to select Yes in the Spanning Tree Enabled field. 


b. Use [Tab] to move to the Mode field for port A1. 


c. 
Use the Space bar to select Uplink as the mode for port A1. 


d. Use [v] to move to the Mode field for Trk1. 


e. 
Use the Space bar to select Uplink as the Mode for Trk1. 


f. 
Press [Enter] to return the cursor to the Actions line. 
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STP is enabled. 


Port A1 and Trk1 are 
now configured for 
fast-uplink STP. 


Figure 14-17. 	Example of STP Enabled with Two Redundant Links Configured for 
Fast-Uplink STP 


5.	 
Press [S] (for Save) to save the configuration changes toflash(non-volatile) 
memory. 


To View Fast-Uplink STP Status. Continuing from figures 14-16 and 14-17 
in the preceding procedure, this task uses the same screen that you would use 
to view STP status for other operating modes. 


1. 
From the Main Menu, select: 


1. Status and Counters . . . 


7. Spanning Tree Information 
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Indicates which uplink is the 
active path to the STP root device. 


Note: A switch using fast-uplink 
STP must never be the STP root 
device. 


Figure 14-18. Example of STP Status with Trk1 (Trunk 1) as the Path to the STP Root 
Device 


2. 
Press [S] (for Show ports) to display the status of individual ports. 


Links to PC or 
Workstation 
End Nodes 


Redundant 
STP Link in 
(Fast) Uplink 
Mode 


Redundant 
STP Link in 
(Fast) Uplink 
Mode 


Figure 14-19. Example of STP Port Status with Two Redundant STP Links 
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In figure 14-19: 


•	 
Port A1 and Trk1 (trunk 1; formed from ports 2 and 3) are redundant 
fast-uplink STP links, with trunk 1 forwarding (the active link) and 
port A1 blocking (the backup link). (To view the configuration for port 
A1 and Trk1, see figure 14-17 on page 14-34.) 


•	 
If the link provided by trunk 1 fails (on both ports), then port A1 begins 
forwarding in fast-uplink STP mode. 


•	 
Ports A5, A6, and A24 are connected to end nodes and do not form 
redundant links. 


CLI: Viewing and Configuring Fast-Uplink STP 


Using the CLI to View Fast-Uplink STP. You can view fast-uplink STP 
using the same show commands that you would use for standard STP opera­ 
tion: 


Syntax: 
show spanning-tree 
Lists STP status. 


show spanning-tree config 


Lists STP configuration for the switch and for individual 
ports. 


For example, figures 14-20 and 14-21 illustrate a possible topology, STP status 
listing, and STP configuration for a switch with: 


■ 
STP enabled and the switch operating as an Edge switch 


■ 
Port A1 and trunk 1 (Trk1) configured for fast-uplink STP operation 


■ 
Several other ports connected to PC or workstation end nodes 


HP 
ProCurve 
Switch 
Operating 
as an Edge 
Switch 


Interior 
Switch 
with STP 
Enabled 


STP 
Root 
Device 


Port 
Trunk 


STP 
Block 


LAN 


Figure 14-20. Example Topology for the Listing Shown in Figure 14-21 
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Indicates that Trk1 (Trunk 1) 
provides the currently active path 
to the STP root device. 


Redundant STP link in the Blocking 
state. 


Links to PC or Workstation End 
Nodes 


Redundant STP link in the 
Forwarding state. (See the "Root 
Port field, above. This is the 
currently active path to the STP 
root device.) 


Figure 14-21. Example of a Show Spanning-Tree Listing for the Topology Shown in Figure 14-20­ 
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Fast-Uplink 
STP 
Configured 
on Port 1 and 
Trunk 1 (Trk1) 


STP Enabled 
on the 
Switch 


Figure 14-22. Example of a Configuration Supporting the 
STP Topology Shown in Figure 14-20 


Using the CLI To Configure Fast-Uplink STP. This example uses the CLI 
to configure the switch for the fast-uplink operation shown in figures 14-20, 
14-21, and 14-22. (The example assumes that ports A2 and A3 are already 
configured as members of the port trunk—Trk1, and all other STP parameters 
are left in their default state.) 


Note that the default STP Protocol Version is RSTP (Rapid STP, or 802.1w). 
Thus, if the switch is set to the STP default, you must change it to the STP 
(802.1D) Protocol Version before you can configure Fast-Uplink. For example: 
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Lists STP 
configuration. 


Shows the default 
STP protocol 
version. 


1. Changes the Spanning-Tree 
protocol to STP (required for 
Fast-Uplink). 
2. Saves the change to the 
startup-configuration 
3. Reboots the switch. (Required 
for this configuration change.) 


Figure 14-23. Example of Changing the STP Configuration from the Default RSTP (802.1w) to STP (802.1D) 


Syntax:spanning-tree e <port/trunk-list> mode uplinkEnables STP on the switch 
and configures 
fast-uplink STP on the designated 
interfaces (port or trunk). 


For example: 


HPswitch(config)# spanning-tree e A1,trk1 mode uplink 


Operating Notes 


Effect of Reboots on Fast-Uplink STP Operation. When configured, 
fast-uplink STP operates on the designated ports in a running switch. How- 
ever, if the switch experiences a reboot, the fast-uplink ports (Mode = Uplink) 
use the longer forwarding delay used by ports on standard 802.1D STP (non 
fast-uplink). This prevents temporary loops that could otherwise result while 
the switch is determining the STP status for all ports. That is, on ports 
configured for fast-uplink STP, the first STP state transition after a reboot 
takes the same amount of time as for redundant ports that are not configured 
for fast-uplink STP. 


Using Fast Uplink with Port Trunks. To use a port trunk for fast-uplink 
STP, configure it in the same way that you would an individual port for the 
same purpose. A port trunk configured for fast uplink operates in the same 
way as an individual, non-trunked port operates; that is, as a logical port. 
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Not e	 
When you add a port to a trunk, the port takes on the STP mode configured 
for the trunk, regardless of which STP mode was configured on the port before 
it was added to the trunk. Thus, all ports belonging to a trunk configured with 
Uplink in the STP Mode field will operate in the fast-uplink mode. (If you remove 
a port from a trunk, the port reverts to the STP Mode setting it had before you 
added the port to the trunk. 


To use fast uplink over a trunk, you must: 


1. 
Create the trunk. 


2.	 
Configure the trunk for fast uplink in the same way that you would 
configure an individual port for fast uplink. 


When you first create a port trunk, its STP Mode setting will be Norm, regardless 
of whether one or more ports in the trunk are set to fast uplink (Mode = Uplink). 
You must still specifically configure the trunk Mode setting to Uplink. Similarly, 
if you eliminate a trunk, the Mode setting on the individual ports in the trunk 
will return to their previous settings. 


For Troubleshooting Information on Fast Uplink. Refer to “Spanning- 
Tree Protocol (STP) and Fast-Uplink Problems” on page C-13 (in the “Trou­ 
bleshooting” appendix). 


Web: Enabling or Disabling STP 


In the web browser interface you can enable or disable STP on the switch. To 
configure other STP features, telnet to the switch console and use the CLI. 


To enable or disable STP on the switch: 


1. 
Click on the Configuration tab 


2. 
Click on Device Features. 


3. 
Enable or disable STP. 


4. 
Click on Apply Changes to implement the configuration change. 


For web-based help on how to use the web browser interface screen, click on 
the [?] button provided on the web browser screen. 
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Overview 


This chapter describes how to use your network to stack switches without the 
need for any specialized cabling—page 15-3.
 


For general information on how to use the switch’s built-in interfaces, see:
 


■ 
Chapter 3, “Using the Menu Interface”
 


■ 
Chapter 4, “Using the Command Line Interface (CLI)”
 


■ 
Chapter 5, “Using the HP Web Browser Interface
 


■ 
Chapter 6, “Switch Memory and Configuration”
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Stacking Features 


Feature 
Default 
Menu 
CLI 
Web 


view stack status 


view status of a single switch 
n/a 
page 15-26 page 15-31 page 15-45 
thru 
page 15-28 


view candidate status 
n/a 
page 15-31 


view status of commander and its 
n/a 
page 15-32 


stack 


view status of all stacking-enabled 
n/a 
page 15-32 


switches in the ip subnet 


configure stacking 


enable/disable candidate Auto-Join 
enabled/Yes 
page 15-15 page 15-37 


“push” a candidate into a stack 
n/a 
page 15-15 page 15-37 


configure a switch to be a commander n/a 
page 15-13 page 15-33 


“push” a member into another stack 
n/a 
page 15-24 page 15-39 


remove a member from a stack 
n/a 
page 15-21 page 15-40 


or 
page 15-41 


“pull” a candidate into a stack 
n/a 
page 15-17 page 15-36 


“pull” a member from another stack 
n/a 
page 15-19 page 15-38 


convert a commander or member to a n/a 
page 15-24 page 15-39 


member of another stack 


access member switches for 
n/a 
page 15-23 page 15-42 


configuration and traffic monitoring 


disable stacking 
enabled 
page 15-15 page 15-44 


transmission interval 
60 seconds 
page 15-13 page 15-44 


HP ProCurve Stack Management (termed stacking) enables you to use a single 
IP address and standard network cabling to manage a group of up to 16 total 
switches in the same IP subnet (broadcast domain). Using stacking, you can: 


■ 
Reduce the number of IP addresses needed in your network. 
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■	 
Simplify management of small workgroups or wiring closets while 
scaling your network to handle increased bandwidth demand. 


■	 
Eliminate any specialized cables for stacking connectivity and 
remove the distance barriers thattypically limityourtopology options 
when using other stacking technologies. 


■	 
Add switches to your network without having to first perform IP 
addressing tasks. 


Which Devices Support Stacking? 


As of May, 2003, the following HP ProCurve devices support stacking: 


■ 
HP ProCurve Switch 6108 
■ 
HP ProCurve Switch 2524 


■ 
HP ProCurve Switch 4104GL 
■ 
HP ProCurve Switch 8000M* 


■ 
HP ProCurve Switch 4108GL 
■ 
HP ProCurve Switch 4000M* 


■ 
HP ProCurve Switch 2650 
■ 
HP ProCurve Switch 2424M* 


■ 
HP ProCurve Switch 2626 
■ 
HP ProCurve Switch 2400M* 


■ 
HP ProCurve Switch 2512 
■ 
HP ProCurve Switch 1600M* 


*Requires software release C.08.03 or later, which is included with the 8000M, 4000M, 
2424M, and 1600M models as of July, 2000. Release C.08.03 or a later version is also 
available on the HP ProCurve website at www.hp.com/go/procurve. (Click on software.) 
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Components of HP ProCurve Stack Management 


Table 15-1. Stacking Definitions 


Stack 
Consists of a Commander switch and any Member switches belonging to that Commander’s stack. 


Commander	 
A switch that has been manually configured as the controlling device for a stack. When this occurs, the 
switch’s stacking configuration appears as Commander. 


Candidate	 
A switch that is ready to join (become a Member of) a stack through either automatic or manual methods. 
A switch configured as a Candidate is not in a stack. 


Member 
A switch that has joined a stack and is accessible from the stack Commander. 


Commander: Switch A 


Member: Switch C 
Candidate: Switch B 


Before: Stack named 
"Engineering" consists 
of Commander and 
Switch "C". Switch "B" is 
a Candidate eligible to 
join the stack. 


Commander: Switch A 


Member: Switch C 
Member: Switch B 


After: Switch "B" joins the stack, thus changing from a 
Candidate to a Member of the stack. 


Stack 


Stack Name: 
Engineering 


Stack Name: 
Engineering 


Figure 15-1. Illustration of a Switch Moving from Candidate to Member 


General Stacking Operation 


After you configure one switch to operate as the Commander of a stack, 
additional switches can join the stack by either automatic or manual methods. 
After a switch becomes a Member, you can work through the Commander 
switch to further configure the Member switch as necessary for all of the 
additional software features available in the switch. 


The Commander switch serves as the in-band entry point for access to the 
Member switches. For example, the Commander’s IP address becomes the 
path to all stack Members and the Commander’s Manager password controls 
access to all stack Members. 
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Member Switch 1 


IP Address: None Assigned 


Manager Password: leader 


Candidate Switch 


IP Address: None Assigned 


Manager Password: francois 


Non-Member Switch 


IP Address: 14.28.227.105 


Manager Password: donald 


Member Switch 2 


IP Address: None Assigned 


Manager Password: leader 


Wiring Closet "B" 


Wiring Closet "A" 


Commander Switch 0 


IP Address: 14.28.227.100 


Manager Password: leader 


Use the Commander’s console or web 
browser interface to access the user 
interface on any Member switch in 
the same stack. 


Network 


Figure 15-2. Example of Stacking with One Commander Controlling Access to Wiring Closet Switches 


Interface Options. You can configure stacking through the switch’s menu 
interface, CLI, or the web browser interface. For information on how to use 
the web browser interface to configure stacking, see the online Help for the 
web browser interface. 


Web Browser Interface Window for Commander Switches. The web 
browser interface window for a Commander switch differs in appearance 
from the same window for non-commander switches. See figure 15-38 on page 
15-45. 
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Operating Rules for Stacking 


General Rules 


■	 
Stacking is an optional feature (enabled in the default configuration) 
and can easily be disabled. Stacking has no effect on the normal 
operation of the switch in your network. 


■	 
A stack requires one Commander switch. (Only one Commander 
allowed per stack.) 


■	 
All switches in a particular stack must be in the same IP subnet 
(broadcast domain). A stack cannot cross a router. 


■	 
A stack accepts up to 16 switches (numbered 0-15), including the 
Commander (always numbered 0). 


■	 
There is no limit on the number of stacks in the same IP subnet 
(broadcast domain), however a switch can belong to only one stack. 


■	 
If multiple VLANs are configured, stacking uses only the primary 
VLAN on any switch. In the factory-default configuration, the 
DEFAULT_VLAN is the primary VLAN. (See “Stacking Operation with 
Multiple VLANs Configured” on page 15-44 and “The Primary VLAN” 
on page 12-6.) 


■	 
Stacking allows intermediate devices that do not support stacking. 
This enables you to include switches that are distant from the 
Commander. 


Commander Switch 
Switch with Stacking 
Disabled or Not Available 


Member Switch 


Candidate Switch 


Figure 15-3. Example of a Non-Stacking Device Used in a Stacking Environment 
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Table 15-2. Specific Rules for Commander, Candidate, and Member Switch 


IP Addressing and 
Stack Name 


Number Allowed 
Per Stack 


Passwords 
SNMP Communities 


Commander IP Addr: Requires an 
Only one 
The Commander’s Manager 
Standard SNMP community 
assigned IP address 
Commander 
and Operator passwords are 
operation. The Commander 
and mask for access 
switch is allowed 
assigned to any switch 
also operates as an SNMP 
via the network. 
per stack. 
becoming a Member of the 
proxy to Members for all 


Stack Name: Required 
stack. 
SNMP communities config- 


If you change the 
ured in the Commander. 


Commander’s passwords, the 
Commander propagates the 
new passwords to all stack 
Members. 


Candidate 
IP Addr: Optional. 
n/a 
Passwords optional. If the 
Uses standard SNMP 


Configuring an IP 
Candidate becomes a stack 
community operation if the 


address allows access 
Member, it assumes the 
Candidate has its own IP 


via Telnet or web 
Commander’s Manager and 
addressing. 


browser interface 
Operator passwords. 


while the switch is not 
a stack member. In the 
factory default configu- 
ration the switch auto- 
matically acquires an 
IP address if your 
network includes DHCP 
service. 


If a candidate has a password, 
it cannot be automatically 
added to a stack. In this case, 
if you want the Candidate in a 
stack, you must manually add 
it to the stack. 


Stack Name: N/A 


Member	 
IP Addr: Optional. 
Configuring an IP 
address allows access 
via Telnet or web 
browser interface 
without going through 
the Commander switch. 
This is useful, for 
example, if the stack 
Commander fails and 
you need to convert a 
Member switch to 
operate as a replace­ 
ment Commander. 
Stack Name: N/A 


Up to 15 Members When the switch joins the 
per stack.	 
stack, it automatically 
assumes the Commander’s 
Manager and Operator pass- 
words and discards any pass- 
words it may have had while a 
Candidate. 


Note: If a Member leaves a 
stack for any reason, it retains 
the passwords assigned to the 
stack Commander at the time 
of departure from the stack. 


Belongs to the same SNMP 
communities as the 
Commander (which serves 
as an SNMP proxy to the 
Member for communities to 
which the Commander 
belongs). To join other 
communities that exclude 
the Commander, the 
Member must have its own 
IP address. Loss of stack 
membership means loss of 
membership in any commu­ 
nity that is configured only 
in the Commander. See 
"SNMP Community Opera­ 
tion in a Stack" on page 
15-43. 
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Not e	 
In the default stack configuration, the Candidate Auto Join parameter is 
enabled, but the Commander Auto Grab parameter is disabled. This prevents 
Candidates from automatically joining a stack prematurely or joining the 
wrong stack (if more than one stack Commander is configured in a subnet or 
broadcast domain). If you plan to install more than one stack in a subnet, HP 
recommends that you leave Auto Grab disabled on all Commander switches 
and manually add Members to their stacks. Similarly, if you plan to install a 
stack in a subnet (broadcast domain) where stacking-capable switches are 
not intended for stack membership, you should set the Stack State parameter 
(in the Stack Configuration screen) to Disabled on those particular switches. 


Configuring Stack Management 


Overview of Configuring and Bringing Up a Stack 


This process assumes that: 


■	 
All switches you want to include in a stack are connected to the same 
subnet (broadcast domain). 


■ 
If VLANs are enabled on the switchesyou want to include in the stack, 
then the ports linking the stacked switches must be on the primary 
VLAN in each switch (which, in the default configuration, is the 
default VLAN). If the primary VLAN is tagged, then each switch in the 
stack must use the same VLAN ID (VID) for the primary VLAN. (Refer 
to “The Primary VLAN” on page 12-6, and “Stacking Operation with 
Multiple VLANs Configured” on page 15-44.) 


■	 
If you are including an HP ProCurve Switch 8000M, 4000M, 2424M, 
2400M, or 1600M in a stack, you must first update all such devices 
to software version C.08.03 or later. (You can get a copy of the latest 
software version from HP’s ProCurve website and/or copy it from one 
switch to another. For downloading instructions, see appendix A, 
"File Transfers", in the Management and Configuration Guide for 
these switch models.) 
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Options for Configuring a Commander and Candidates. Depending on 
how Commander and Candidate switches are configured, Candidates can join 
a stack either automatically or by a Commander manually adding (“pulling”) 
them into the stack. In the default configuration, a Candidate joins only when 
manually pulled by a Commander. You can reconfigure a Commander to 
automatically pull in Candidates that are in the default stacking configura­ 
tion. You can also reconfigure a Candidate switch to either “push” itself into 
a particular Commander’s stack, convert the Candidate to a Commander (for 
a stack that does not already have a Commander), or to operate as a standa­ 
lone switch without stacking. The following table shows your control options 
for adding Members to a stack. 


Table 15-3. Stacking Configuration Guide 


Join Method1 
Commander 
(IP Addressing Required) 


Candidate 
(IP Addressing Optional) 


Auto Grab 
Auto Join 
Passwords 


Automatically add Candidate to Stack 
(Causes the first 15 eligible, discovered 
switches in the subnet to automatically join 
a stack.) 


Yes 
Yes (default) 
No (default)* 


Manually add Candidate to Stack 
(Prevent automatic joining of switches you 
don’t want in the stack) 


No (default) 
Yes (default) 
Optional* 


Yes 
No 
Optional* 


Yes 
Yes (default) or No 
Configured 


Prevent a switch from being a Candidate 
N/A 
Disabled 
Optional 


*The Commander’s Manager and Operator passwords propagate to the candidate when it joins the stack. 


The easiest way to automatically create a stack is to: 


1. Configure a switch as a Commander. 


2. Configure IP addressing and a stack name on the Commander. 


3. Set the Commander’s Auto Grab parameter to Yes. 


4.	 Connect Candidate switches (in their factory default configuration) to 
the network. 


This approach automatically creates a stack of up to 16 switches (including 
the Commander). However this replaces manual control with an automatic 
process that may bring switches into the stack that you did not intend to 
include. With the Commander’s Auto Grab parameter set to Yes, any switch 
conforming to all four of the following factors automatically becomes a stack 
Member: 
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■	 
Default stacking configuration (Stack State set to Candidate, and Auto 
Join set to Yes) 


■	 
Same subnet (broadcast domain) and default VLAN as the 
Commander (If VLANs are used in the stack environment, see 
"Stacking Operation with a Tagged VLAN" on page 15-44.) 


■ 
No Manager password 


■ 
14 or fewer stack members at the moment 


General Steps for Creating a Stack 


This section describes the general stack creation process. For the detailed 
configuration processes, see pages 15-13 through 15-36 for the menu interface 
and pages 15-29 through 15-41 for the CLI. 


1.	 Determine the naming conventions for the stack. You will need a stack 
name. Also, to help distinguish one switch from another in the stack, you 
can configure a unique system name for each switch. Otherwise, the 
system name for a switch appearing in the Stacking Status screen appears 
as the stack name plus an automatically assigned switch number. For 
example: 


Stack with unique 
system name for each 
switch. 


Stack named "Online" 
with no previously 
configured system 
names assigned to 
individual switches. 


For status 
descriptions, see the 
table on page 15-46. 


Figure 15-4. Using the System Name to Help Identify Individual Switches 
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2.	 Configure the Commander switch. Doing this first helps to establish 
consistency in your stack configuration, which can help prevent startup 
problems. 


•	 
A stack requires one Commander switch. If you plan to implement 
more than one stack in a subnet (broadcast domain), the easiest 
way to avoid unintentionally adding a Candidate to the wrong 
stack is to manually control the joining process by leaving the 
Commander’s Auto Grab parameter set to No (the default). 


•	 
The Commander assigns its Manager and Operator passwords to 
any Candidate switch that joins the stack. 


• 
The Commander’s SNMP community names apply to members. 


3.	 For automatically or manually pulling Candidate switches into a stack, 
you can leave such switches in their default stacking configuration. If you 
need to access Candidate switches through your network before they 
join the stack, assign IP addresses to these devices. Otherwise, IP 
addressing is optional for Candidates and Members. (Note that once a 
Candidate becomes a member, you can access it through the Commander 
to assign IP addressing or make other configuration changes.) 


4.	 Make a record of any Manager passwords assigned to the switches 
(intended for your stack) that are not currently members. (You will use 
these passwords to enable the protected switches to join the stack.) 


5.	 If you are using VLANs in the stacking environment, you must use the 
default VLAN for stacking links. For more information, see "Stacking 
Operation with a Tagged VLAN" on page 15-44. 


6.	 Ensure that all switches intended for the stack are connected to the same 
subnet (broadcast domain). As soon as you connect the Commander, it 
will begin discovering the available Candidates in the subnet. 


•	 
If you configured the Commander to automatically add Members 
(Auto Grab = Yes), the first fifteen discovered Candidates meeting 
both of the following criteria will automatically join the stack: 


– 
Auto Join parameter set to Yes (the default) 


– 
Manager password not configured 


•	 
If you configured the Commander to manually add Members 
(Auto Grab set to No—the default), you can begin the process of 
selecting and adding the desired Candidates. 


7. Ensure that all switches intended for the stack have joined. 


8.	 If you need to do specific configuration or monitoring tasks on a Member, 
use the console interface on the Commander to access the Member. 
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Using the Menu Interface To View Stack Status and 
Configure Stacking 


Using the Menu Interface To View and Configure a 
Commander Switch 


1.	 Configure an IP address and subnet mask on the Commander switch. 
(See Chapter 8, “Configuring IP Addressing”.) 


2. Display the Stacking Menu by selecting Stacking in the Main Menu. 


Figure 15-5. The Default Stacking Menu 


3.	 Display the Stack Configuration menu by pressing [3] to select Stack 
Configuration. 


Figure 15-6. The Default Stack Configuration Screen 
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4.	 Move the cursor to the Stack State field by pressing [E] (for Edit). Then 
use the Space bar to select the Commander option. 


5.	 Press the downarrow key to display the Commander configuration fields 
in the Stack Configuration screen. 


Figure 15-7. 	The Default Commander Configuration in the Stack Configuration 
Screen 


6.	 Enter a unique stack name (up to 15 characters; no spaces) and press the 
downarrow key. 


7.	 Ensure that the Commander has the desired Auto Grab setting, then press 
the downarrow key: 


•	 
No (the default) prevents automatic joining of Candidates that 
have their Auto Join set to Yes. 


•	 
Yes enables the Commander to automatically take a Candidate 
into the stack as a Member if the Candidate has Auto Join set to 
Yes (the default Candidate setting) and does not have a previously 
configured password. 


8.	 Accept or change the transmission interval (default: 60 seconds), then 
press [Enter] to return the cursor to the Actions line. 


9.	 Press [S] (for Save) to save your configuration changes and return to the 
Stacking menu. 


Your Commander switch should now be ready to automatically or manually 
acquire Member switches from the list of discovered Candidates, depending 
on your configuration choices. 
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Using the Menu To Manage a Candidate Switch 


Using the menu interface, you can perform these actions on a Candidate 
switch: 


■ 
Add (“push”) the Candidate into an existing stack 


■	 
Modify the Candidate’s stacking configuration (Auto Join and Transmission 
Interval) 


■ 
Convert the Candidate to a Commander 


■	 
Disable stacking on the Candidate so that it operates as a standalone 
switch 


In its default stacking configuration, a Candidate switch can either automati­ 
cally join a stack or be manually added("pulled") into a stack by a Commander, 
depending on the Commander’s Auto Grab setting. The following table lists the 
Candidate’s configuration options: 


Table 15-4. Candidate Configuration Options in the Menu Interface 


Parameter 
Default Setting 
Other Settings 


Stack State 
Candidate 
Commander, Member, or Disabled
 


Auto Join 
Yes 
No
 


Transmission 
60 Seconds 
Range: 1 to 300 seconds
 


Interval 


Using the Menu To “Push” a Switch Into a Stack, Modify the Switch’s 
Configuration, or Disable Stacking on the Switch. Use Telnet or the 
web browser interface to access the Candidate if it has an IP address. Other- 
wise, use a direct connection from a terminal device to the switch’s console 
port. (For information on how to use the web browser interface, see the online 
Help provided for the browser.) 


1.	 Display the Stacking Menu by selecting Stacking in the console Main 
Menu. 


2.	 Display the Stack Configuration menu by pressing [3] to select Stack 
Configuration. 
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Figure 15-8. The Default Stack Configuration Screen 


3. Move the cursor to the Stack State field by pressing [E] (for Edit). 


4. Do one of the following: 


•	 
To disable stacking on the Candidate, use the Space bar to select 
the Disabled option, then go to step 5. 


Note: Using the menu interface to disable stacking on a Candidate 
removes the Candidate from all stacking menus. 


• 
To insert the Candidate into a specific Commander’s stack: 


i. 
Use the space bar to select Member. 


ii.	 Press [Tab] once to display the Commander MAC Address param­ 
eter, then enter the MAC address of the desired Commander. 


•	 
To change Auto Join or Transmission Interval, use [Tab] to select the 
desired parameter, and: 


– 
To change Auto Join, use the Space bar. 


–	 
To change Transmission Interval, type in the new value in the 
range of 1 to 300 seconds. 
Note: All switches in the stack must be set to the same transmis­ 
sion interval to help ensure proper stacking operation. HP recom­ 
mends that you leave this parameter set to the default 60 seconds. 


Then go to step 5. 


5. 
press [Enter] to return the cursor to the Actions line. 
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6.	 Press [S] (for Save) to save your configuration changes and return to the 
Stacking menu. 


Using the Commander To Manage The Stack 


The Commander normally operates as your stack manager and point of entry 
into other switches in the stack. This typically includes: 


■ 
Adding new stack members 


■ 
Moving members between stacks 


■ 
Removing members from a stack 


■	 
Accessing stack members for individual configuration changes and traffic 
monitoring 


The Commander also imposes its passwords on all stack members and pro­ 
vides SNMP community membership to the stack. (See “SNMP Community 
Operation in a Stack” on page 15-43.) 


Using the Commander’s Menu To Manually Add a Candidate to a 
Stack. In the default configuration, you must manually add stack Members 
from the Candidate pool. Reasons for a switch remaining a Candidate instead 
of becoming a Member include any of the following: 


■ 
Auto Grab in the Commander is set to No (the default). 


■ 
Auto Join in the Candidate is set to No. 


Note: When a switch leaves a stack and returns to Candidate status, its 
Auto Join parameter resets to No so that it will not immediately rejoin a 
stack from which it has just departed. 


■ 
A Manager password is set in the Candidate. 


■ 
The stack is full. 


Unless the stack is already full, you can use the Stack Management screen to 
manually convert a Candidate to a Member. If the Candidate has a Manager 
password, you will need to use it to make the Candidate a Member of the stack. 


1. To add a Member, start at the Main Menu and select: 


9. Stacking... 


4. Stack Management 


You will then see the Stack Management screen: 
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For status descriptions, see the table on page 15-46. 


Figure 15-9. Example of the Stack Management Screen 


2.	 Press [A] (for Add) to add a Candidate. You will then see this screen listing 
the available Candidates: 


The Commander automatically selects an 
available switch number (SN). You have the 
option of assigning any other available number. 


Candidate List 


Figure 15-10. Example of Candidate List in Stack Management Screen 


3.	 Either accept the displayed switch number or enter another available 
number. (The range is 0 - 15, with 0 reserved for the Commander.) 


4.	 Use the downarrow key to move the cursor to the MAC Address field, 
then type the MAC address of the desired Candidate from the Candidate 
list in the lower part of the screen. 


5. Do one of the following: 
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•	 
If the desired Candidate has a Manager password, press the 
downarrow key to move the cursor to the Candidate Password 
field, then type the password. 


• 
If the desired Candidate does not have a password, go to step 6. 


6.	 Press [Enter] to return to the Actions line, then press [S] (for Save) to 
complete the Add process for the selected Candidate. You will then see 
a screen similar to the one in figure 15-11, below, with the newly added 
Member listed. 


Note: If the message Unable to add stack member: Invalid Password appears 
in the console menu’s Help line, then you either omitted the Candidate’s 
Manager password or incorrectly entered the Manager password. 


Forstatus descriptions, see the table onpage 15-46. 


New Member added in step 6. 


Figure 15-11. Example of Stack Management Screen After New Member Added 


Using the Commander’s Menu To Move a Member From One Stack to 
Another. Where two or more stacks exist in the same subnet (broadcast 
domain), you can easily move a Member of one stack to another stack if the 
destination stack is not full. (If you are using VLANs in your stack environ­ 
ment, see "Stacking Operation with a Tagged VLAN" on page 15-44.) This 
procedure is nearly identical to manually adding a Candidate to a stack (page 
15-17). (If the stack from which you want to move the Member has a Manager 
password, you will need to know the password to make the move.) 


1.	 To move a Member from one stack to another, go to the Main Menu of 
the Commander in the destination stack and display the Stacking Menu 
by selecting 


9. Stacking... 


2.	 To learn or verify the MAC address of the Member you want to move, 
display a listing of all Commanders, Members, and Candidates in the 
subnet by selecting: 
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2. Stacking Status (All) 


You will then see the Stacking Status (All) screen: 


For status descriptions, see the table on page 15-46. 


This column lists the MAC 
Addresses for switches 
discovered (in the local 
subnet) that are configured 
for Stacking. 


Using the MAC addresses for these 
Members, you can move them between 
stacks in the same subnet. 


Figure 15-12. Example of How the Stacking Status (All) Screen Helps You Find 
Member MAC Addresses 


3.	 In the Stacking Status (All) screen, find the Member switch that you want 
to move and note its MAC address, then press [B] (for Back) to return to 
the Stacking Menu. 


4. Display the Commander’s Stack Management screen by selecting 


4. Stack Management 


(For an example of this screen, see figure 15-9 on page 15-18.) 


5.	 Press [A] (for Add) to add the Member. You will then see a screen listing 
any available candidates. (See figure 15-10 on page 15-18.) Note that you 
will not see the switch you want to add because it is a Member of another 
stack and not a Candidate.) 


6.	 Either accept the displayed switch number or enter another available 
number. (The range is 0 - 15, with 0 reserved for the Commander.) 


7.	 Use the downarrow key to move the cursor to the MAC Address field, 
then type the MAC address of the desired Member you want to move from 
another stack. 
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8. Do one of the following: 


•	 
If the stack containing the Member you are moving has a Manager 
password, press the downarrow key to select the Candidate 
Password field, then type the password. 


•	 
If the stack containing the Member you want to move does not 
have a password, go to step 9. 


9.	 Press [Enter] to return to the Actions line, then press [S] (for Save) to 
complete the Add process for the selected Member. You will then see a 
screen similar to the one in figure 15-9 on page 15-18, with the newly 
added Member listed. 


Not e : 
If the message Unable to add stack member: Invalid Password appears in the 
console menu’s Help line, then you either omitted the Manager password for 
the stack containing the Member or incorrectly entered the Manager pass- 
word. 


You can “push” a Member from one stack to another by going to the Member’s 
interface and entering the MAC address of the destination stack Commander 
in the Member’s Commander MAC Address field. Using this method moves the 
Member to another stack without a need for knowing the Manager password 
in that stack, but also blocks access to the Member from the original 
Commander. 


Using the Commander’s Menu To Remove a Stack Member. These 
rules affect removals from a stack: 


■	 
When a Candidate becomes a Member, its Auto Join parameter is 
automatically set to No. This prevents the switch from automatically 
rejoining a stack as soon as you remove it from the stack. 


■	 
When you use the Commander to remove a switch from a stack, the 
switch rejoins the Candidate pool for your IP subnet (broadcast 
domain), with Auto Join set to No. 


■	 
When you remove a Member from a stack, it frees the previously 
assigned switch number (SN), which then becomes available for 
assignment to another switch that you may subsequently add to the 
stack. The default switch number used for an add is the lowest 
unassigned number in the Member range (1 - 15; 0 is reserved for the 
Commander). 
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To remove a Member from a stack, use the Stack Management screen. 


1. From the Main Menu, select: 


9. Stacking... 


4. Stack Management 


You will then see the Stack Management screen: 


For status descriptions, 
see the table on page 
15-46. 


Stack Member List 


Figure 15-13. Example of Stack Management Screen with Stack Members Listed 


2.	 Use the downarrow key to select the Member you want to remove from 
the stack. 


Figure 15-14. Example of Selecting a Member for Removal from the Stack 


3.	 Type [D] (for Delete) to remove the selected Member from the stack. You 
will then see the following prompt: 


Figure 15-15. The Prompt for Completing the Deletion of a Member from the Stack 
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4.	 To continue deleting the selected Member, press the Space bar once to 
select Yes for the prompt, then press [Enter] to complete the deletion. The 
Stack Management screen updates to show the new stack Member list. 


Using the Commander To Access Member Switches for 
Configuration Changes and Monitoring Traffic 


After a Candidate becomes a stack Member, you can use that stack’s 
Commander to access the Member’s console interface for the same configu­ 
ration and monitoring that you would do through a Telnet or direct-connect 
access. 


1. From the Main Menu, select: 


9. Stacking... 


5. Stack Access 


You will then see the Stack Access screen: 


For status descriptions, see the table on page 15-46. 


Figure 15-16. Example of the Stack Access Screen 


Use the downarrow key to select the stack Member you want to access, then 
press [X] (for eXecute) to display the console interface for the selected Member. 
For example, if you selected switch number 1 (system name: Coral Sea) in figure 
15-16 and then pressed [X], you would see the Main Menu for the switch named 
Coral Sea. 
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Main Menu for stack 
Member named "Coral Sea" 
(SN = 1 from figure 15-16) 


Figure 15-17. 	The eXecute Command Displays the Console Main Menu for the 
Selected Stack Member 


2.	 You can now make configuration changes and/or view status data for the 
selected Member in the same way that you would if you were directly 
connected or telnetted into the switch. 


3.	 When you are finished accessing the selected Member, do the following 
to return to the Commander’s Stack Access screen: 


a. Return to the Member’s Main Menu. 


b. Press [0] (for Logout), then [Y] (for Yes). 


c. Press [Return]. 


You should now see the Commander’s Stack Access screen. (For an 
example, see figure 15-16 on page 15-23.) 


Converting a Commander or Member to a Member of Another 
Stack 


When moving a commander, the following procedure returns the stack mem­ 
bers to Candidate status (with Auto-Join set to “No”) and converts the stack 
Commander to a Member of another stack. When moving a member, the 
procedure simply pulls a Member out of one stack and pushes it into another. 


1. 
From the Main Menu of the switch you want to move, select 


9. Stacking 


2. 
To determine the MAC address of the destination Commander, select 


2. Stacking Status (All) 
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3. 
Press [B] (for Back) to return to the Stacking Menu. 


4. 
To display Stack Configuration menu for the switch you are moving, select 


3. Stack Configuration 


5. 
Press [E] (for Edit) to select the Stack State parameter. 


6.	 
Use the Space bar to select Member, then press [v] to move to the Com­ 
mander MAC Address field. 


7. 
Enter the MAC address of the destination Commander and press [Enter]. 


8. 
Press [S] (for Save). 


Monitoring Stack Status 


Using the stacking options in the menu interface for any switch in a stack, you 
can view stacking data for that switch or for all stacks in the subnet (broadcast 
domain). (If you are using VLANs in your stack environment, see "Stacking 
Operation with a Tagged VLAN" on page 15-44.) This can help you in such ways 
as determining the stacking configuration for individual switches, identifying 
stack Members and Candidates, and determining the status of individual 
switches in a stack. See table 15-5 on page 15-25. 


Table 15-5. Stack Status Environments 


Screen Name 
Commander 
Member 
Candidate 


Stack Status (This Switch) 
•	 Commander’s stacking 
configuration 


• Data on stack Members: 


– Switch Number 
– MAC Address 
– System Name 
– Device Type 
– Status 


Stack Status (All)	 
Lists devices by stack name 
or Candidate status (if device 
is not a stack Member). 
Includes: 
• Stack Name 
• MAC Address 
• System Name 
• Status 


• Member’s stacking configuration Candidate’s stacking 
• Member Status 
configuration 


•	 Data identifying Member’s 
Commander: 
– Commander Status 
– Commander IP Address 
– Commander MAC Address 


Same as for Commander.	 
Same as for 
Commander. 
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Using Any Stacked Switch To View the Status for All Switches with 
Stacking Enabled. This procedure displays the general status of all switches 
in the IP subnet (broadcast domain) that have stacking enabled. 


1.	 Go to the console Main Menu for any switch configured for stacking and 
select: 


9. Stacking ... 


2. Stacking Status (All) 


You will then see a Stacking Status screen similar to the following: 


For status descriptions, see the table on page 15-46. 


Figure 15-18. 	Example of Stacking Status for All Detected Switches Configured for 
Stacking 


Viewing Commander Status. This procedure displays the Commander and 
stack configuration, plus information identifying each stack member. 


To display the status for a Commander, go to the console Main Menu for the 
switch and select: 


9. Stacking ... 


1. Stacking Status (This Switch) 
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You will then see the Commander’s Stacking Status screen: 


Figure 15-19. Example of the Commander’s Stacking Status Screen 


Viewing Member Status. This procedure displays the Member’s stacking 
information plus the Commander’s status, IP address, and MAC address. 


To display the status for a Member: 


1. Go to the console Main Menu of the Commander switch and select 


9. Stacking ... 


5. Stack Access 


2.	 Use the downarrow key to select the Member switch whose status you 
want to view, then press [X] (for eXecute). You will then see the Main Menu 
for the selected Member switch. 


3. In the Member’s Main Menu screen, select 


9. Stacking ... 


1. Stacking Status (This Switch) 


You will then see the Member’s Stacking Status screen: 
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Figure 15-20. Example of a Member’s Stacking Status Screen 


Viewing Candidate Status. This procedure displays the Candidate’s 
stacking configuration. 


To display the status for a Candidate: 


1.	 Use Telnet (if the Candidate has a valid IP address for your network) or 
a direct serial port connection to access the menu interface Main Menu 
for the Candidate switch and select 


9. Stacking ... 


1. Stacking Status (This Switch) 


You will then see the Candidate’s Stacking Status screen: 


Figure 15-21. Example of a Candidate’s Stacking Screen 
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Using the CLI To View Stack Status and Configure 
Stacking 


The CLI enables you to do all of the stacking tasks available through the menu 
interface.) 


Table 15-6. CLI Commands for Configuring Stacking on a Switch 


CLI Command 
Operation 


show stack 
Commander: Shows Commander’s stacking configuration and lists the stack 


[candidates | view | all] 
members and their individual status. 
Member: Lists Member’s stacking configuration and status, and the status and the 
IP address and subnet mask of the stack Commander. 


Options: 


candidates: (Commander only) Lists stack Candidates. 
view: (Commander only) Lists current stack Members and their individual 
status. 
all: Lists all stack Commanders, Members and Candidates, with their individual 
status. 


[no] stack 
Any Stacking-Capable Switch: Enables or disables stacking on the switch. 


Default: Stacking Enabled 


[no] stack commander <stack name>	 Candidate or Commander: Converts a Candidate to a Commander or changes the 


stack name of an existing commander. 
“No” form eliminates named stack and returns Commander and stack Members 
to Candidate status with Auto Join set to No. 


“No” form prevents the switch from being discovered as a stacking-capable 
switch. 


Default: Switch Configured as a Candidate 


[no] stack auto-grab	 
Commander: Causes Commander to automatically add to its stack any discovered 
Candidate in the subnet that does not have a Manager password and has Auto- 
Join set to Yes. 


Default: Disabled 
Note: If the Commander’s stack already has 15 members, the Candidate cannot 
join until an existing member leaves the stack. 
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CLI Command 
Operation 


[no] stack member 
Commander: Adds a Candidate to stack membership. “No” form removes a 


<switch-num> 
Member from stack membership. To easily determine the MAC address of a 


mac-address <mac-addr> 
Candidate, use the show stack candidates command. To determine the MAC 


[password <password-str>] 
address of a Member you want to remove, use the show stack view command.The 
password (password-str) is required only when adding a Candidate that has a 
Manager password. 


telnet <1..15> 


Used In: Commander Only 


Commander: Uses the SN (switch number— assigned by the stack Commander) 
to access the console interface (menu interface or CLI) of a stack member. To view 
the list of SN assignments for a stack, execute the show stack command in the 
Commander’s CLI. 


[no] stack join <mac-addr>	 
Candidate: Causes the Candidate to join the stack whose Commander has the 
indicated MAC address. “No” form is used in a Member to remove it from the stack 
of the Commander having the specified address. 
Member: “Pushes” the member to another stack whose Commander has the 
indicated MAC address. 


[no] stack auto-join	 
Candidate: Enables Candidate to automatically join the stack of any Commander 
in the IP subnet that has Auto Grab enabled, or disables Auto-Join in the candidate. 


Default: Auto Join enabled. 


Note: If the Candidate has a Manager password or if the available stack(s) already 
have the maximum of 15 Members, the automatic join will not occur. 


stack transmission-interval	 
All Stack Members: specifies the interval in seconds for transmitting stacking 
discovery packets. 


Default: 60 seconds 
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Using the CLI To View Stack Status 


You can list the stack status for an individual switch and for other switches 
that have been discovered in the same subnet. 


Syntax: 
show stack [candidates | view | all] 


Viewing the Status of an Individual Switch. The following example 
illustrates how to use the CLI in a to display the stack status for that switch. 
In this case, the switch is in the default stacking configuration. 


Syntax: 
show stack 


Figure 15-22. 	Example of Using the Show Stack Command To List the Stacking Configuration for an 
Individual Switch 


Viewing the Status of Candidates the Commander Has Detected. 


This example illustrates how to list stack candidates the Commander has 
discovered in the ip subnet (broadcast domain). 


Syntax: 
show stack candidates 


Figure 15-23. 	Example of Using the Show Stack Candidates Command To List 
Candidates 
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Viewing the Status of all Stack-Enabled Switches Discovered in the IP 
Subnet. The next example lists all the stack-configured switches discovered 
in the IP subnet. Because the switch on which the show stack all command 
was executed is a candidate, it is included in the “Others” category. 


Syntax: 
show stack all 


Figure 15-24. Result of Using the Show Stack All Command To List Discovered Switches in the IP Subnet 


Viewing the Status of the Commander and Current Members of the 
Commander’s Stack. The next example lists all switches in the stack of the 
selected switch. 


Syntax: 
show stack view 


Figure 15-25. 	Example of the Show Stack View Command To List the Stack Assigned to the 
Selected Commander 
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Using the CLI To Configure a Commander Switch 


You can configure any stacking-enabled switch to be a Commander as long as 
the intended stack name does not already exist on the broadcast domain. 
(Whenyou configure a Commander, you automatically create a corresponding 
stack.) 


Before you begin configuring stacking parameters: 


1.	 
Configure IP addressing on the switch intended for stack commander and, 
if not already configured, on the primary VLAN. (For more on configuring 
IP addressing, see Chapter 8, “Configuring IP Addressing”.) 


Not e	 
The primary VLAN must have an IP address in order for stacking to operate 
properly. For more on the primary VLAN, see “The Primary VLAN” on page 
12-6. 


2.	 
Configure a Manager password on the switch intended for commander. 
(The Commander’s Manager password controls access to stack Mem­ 
bers.) For more on passwords, see the local manager and operator pass- 
word information in the Access Security Guide for your switch. 


Configure the Stack Commander. Assigning a stack name to a switch 
makes it a Commander and automatically creates a stack. 


Syntax: 
stack commander < name-str > 


This example creates a Commander switch with a stack name of Big_Waters. 
(Note that if stacking was previously disabled on the switch, this command 
also enables stacking.) 


HPswitch(config)# stack commander Big_Waters
 


As the following show stack display shows, the Commander switch is now ready 
to add members to the stack. 
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The stack commander command 
configures the Commander and names 
the stack. 


The Commander appears in the stack as Switch 
Number (SN) 0. 


Figure 15-26. 	Example of the Commander’s Show Stack Screen with Only the Commander 
Discovered 


Using a Member’s CLI to Convert the Member to the Commander of a 
New Stack. This procedure requires that you first remove the Member from 
its current stack, then create the new stack. If you do not know the MAC 
address for the Commander of the current stack, use show stack to list it. 


Syntax:	 
no stack 
stack commander < stack name > 


Suppose, for example, that an HP switch named “Bering Sea” is a Member of 
a stack named “Big_Waters”. To use the switch’s CLI to convert it from a stack 
Member to the Commander of a new stack named “Lakes”, you would use the 
following commands: 
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Removes the Member 
from the “Big_Waters” 
stack. 


Converts the former 
Member to the Com­ 
mander of the new 
“Lakes” stack. 


The output from this command tells you the 
MAC address of the current stack Commander. 


Figure 15-27. Example of Using a Member’s CLI To Convert the Member to the Commander of a New Stack 


Adding to a Stack or Moving Switches Between Stacks 


You can add switches to a stack by adding discovered Candidates or by moving 
switches from other stacks that may exist in the same subnet. (You cannot 
add a Candidate that the Commander has not discovered.) 


In its default configuration, the Commander’s Auto-Grab parameter is set to 
No to give you manual control over which switches join the stack and when 
they join. This prevents the Commander from automatically trying to add 
every Candidate it finds that has Auto Join set to Yes (the default for the 
Candidate). 


(If you want any eligible Candidate to automatically join the stack when the 
Commander discovers it, configure Auto Grab in the Commander to Yes. When 
you do so, any Candidate discovered with Auto Join set to Yes (the default) and 
no Manager password will join the stack, up to the limit of 15 Members.) 


15-35 


HP ProCurve Stack Management 
Configuring Stack Management 


Using the Commander’s CLI To Manually Add a Candidate to the 
Stack. To manually add a candidate, you will use: 


■	 
A switch number (SN) to assign to the new member. Member SNs range 
from 1 to 15. To see which SNs are already assigned to Members, use show 
stack view. You can use any SN not included in the listing. (SNs are 
viewable only on a Commander switch.) 


■	 
The MAC address of the discovered Candidate you are adding to the stack. 
To see this data, use the show stack candidates listing . 


For example: 


Note: When manually adding a switch, you must assign an SN. 
However, if the Commander automatically adds a new Member, 
it assigns an SN from the available pool of unused SNs. 


In this stack, the only SNs in use are 0 and 1, 
so you can use any SN number from 2 through 
15 for new Members. (The SN of “0” is always 
reserved for the stack Commander.) 


Figure 15-28. Example of How To Determine Available Switch Numbers (SNs) 


To display all discovered Candidates with their MAC addresses, execute show 
stack candidates from the Commander’s CLI. For example, to list the discov­ 
ered candidates for the above Commander: 


MAC addresses 
of discovered 
Candidates. 


Figure 15-29. Example of How To Determine MAC Addresses of Discovered Candidates 


Knowing the available switch numbers (SNs) and Candidate MAC addresses, 
you can proceed to manually assign a Candidate to be a Member of the stack: 


Syntax: 
stack member < switch-number > mac-address < mac-addr > 
[ password < password-str > ] 
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For example, if the HP 8000M in the above listing did not have a Manager 
password and you wanted to make it a stack Member with an SN of 2, you 
would execute the following command: 


HPswitch(config)# stack member 2 mac-address 0060b0- 
dfla00 


The show stack view command then lists the Member added by the above 
command: 


SN (Switch Number) 2 is the 
new Member added by the 
stack member command. 


The new member did not have a System Name 
configured prior to joining the stack, and so receives a 
System Name composed of the stack name (assigned in 
the Commander) with its SN number as a suffix. 


Figure 15-30. Example Showing the Stack After Adding a New Member 


Using Auto Join on a Candidate. In the default configuration, a Candi­ 
date’s Auto Join parameter is set to “Yes”, meaning that it will automatically 
join a stack if the stack’s Commander detects the Candidate and the Com­ 
mander’s Auto Grab parameter is set to “Yes”. You can disable Auto Join on a 
Candidate if you want to prevent automatic joining in this case. There is also 
the instance where a Candidate’s Auto Join is disabled, for example, when a 
Commander leaves a stack and its members automatically return to Candidate 
status, or if you manually remove a Member from a stack. In this case, you 
may want to reset Auto Join to “Yes”. 


Status: 
[no] stack auto-join 


HPswitch(config)# no stack auto-join 


Disables Auto Join on a Candidate. 


HPswitch(config)# stack auto-join 


Enables Auto Join on a Candidate. 


Using a Candidate CLI To Manually “Push” the Candidate Into a 
Stack . Use this method if any of the following apply: 
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■	 
The Candidate’s Auto Join is set to Yes (and you do not want to enable 
Auto Grab on the Commander) or the Candidate’s Auto Join is set to No. 


■	 
Either you know the MAC address of the Commander for the stack into 
which you want to insert the Candidate, or the Candidate has a valid IP 
address and is operating in your network. 


Syntax: 
stack join < mac-addr > 


where: < mac-addr > is the MAC address of the Commander in 
the destination stack. 


Use Telnet (if the Candidate has an IP address valid for your network) or a 
direct serial port connection to access the CLI for the Candidate switch. For 
example, suppose that a Candidate named “North Sea” with Auto Join off and 
a valid IP address of 10.28.227.104 is running on a network. You could Telnet 
to the Candidate, use show stack all to determine the Commander’s MAC 
address, and then “push” the Candidate into the desired stack. 


1. Telnet to the Candidate named “North Sea”. 
2. Use show stack all to display the Commander’s 
MAC address. 


3. Set the Candidate CLI to Config mode. 
4. Execute stack join with the 
Commander’s MAC address to “push” 
the Candidate into the stack. 


MAC Address for 
Stack Commander 


Figure 15-31. Example of “Pushing” a Candidate Into a Stack 


To verify that the Candidate successfully joined the stack, execute show stack 
all again to view the stacking status. 


Using the Destination Commander CLI To “Pull” a Member from 
Another Stack. This method uses the Commander in the destination stack 
to “pull” the Member from the source stack. 


15-38 


HP ProCurve Stack Management 


Configuring Stack Management 


Syntax:	 
stack member < switch-number > 
mac-address < mac-addr > 
[ password < password-str >] 


In the destination Commander, use show stack all to find the MAC address of 
the Member you want to pull into the destination stack. For example, suppose 
you created a new Commander with a stack name of “Cold_Waters” and you 
wanted to move a switch named “Bering Sea” into the new stack: 


Move this switch into the “Cold Waters” stack. 


Figure 15-32. Example of Stack Listing with Two Stacks in the Subnet 


You would then execute the following command to pull the desired switch 
into the new stack: 


HPswitch(config)# stack member 1 mac-address 0060b0- 
df1a00 


Where 1 is an unused switch number (SN). 


Since a password is not set on the Candidate, a password is not needed in this 
example. 


You could then use show stack all again to verify that the move took place. 


Using a Member CLI To “Push” the Member into Another Stack. You 
can use the Member’s CLI to “push” a stack Member into a destination stack 
if you know the MAC address of the destination Commander. 


Syntax: 
stack join <mac-addr> 


where:	 < mac-addr > is the MAC address of the Commander for the 
destination stack. 


Converting a Commander to a Member of Another Stack. Removing 
the Commander from a stack eliminates the stack and returns its Members to 
the Candidate pool with Auto Join disabled. 
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Syntax:	 
no stack name < stack name> 
stack join < mac-address > 


If you don’t know the MAC address of the destination Commander, you can 
use show stack all to identify it. 


For example, suppose you have a switch operating as the Commander for a 
temporary stack named “Test”. When it is time to eliminate the temporary 
“Test” stack and convert the switch into a member of an existing stack named 
“Big_Waters”, you would execute the following commands in the switch’s CLI: 


Eliminates the “Test” stack and converts 
the Commander to a Candidate. 


Helps you to identify the MAC address of the 
Commander for the “Big_Waters” stack. 


Adds the former “Test” Commander to the 
“Big_Waters” stack. 


Figure 15-33. Example of Command Sequence for Converting a Commander to a Member 


Using the CLI To Remove a Member from a Stack 


You can remove a Member from a stack using the CLI of either the Commander 
or the Member. 


Not e	 
When you remove a Member from a stack, the Member’s Auto Join parameter 
is set to No. 


Using the Commander CLI To Remove a Stack Member. This option 
requires the switch number (SN) and the MAC address of the switch to 
remove. (Because the Commander propagates its Manager password to all 
stack members, knowing the Manager password is necessary only for gaining 
access to the Commander.) 


Syntax: 
[no] stack member <switch-num> mac-address <mac-addr> 
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Use show stack view to list the stack Members. For example, suppose that you 
wanted to use the Commander to remove the “North Sea” Member from the 
following stack: 


Remove this Member 
from the stack. 


Figure 15-34. Example of a Commander and Three Switches in a Stack 


You would then execute this command to remove the “North Sea” switch from 
the stack: 


HPswitch(config)# no stack member 3 mac-address 0030c1-
 
7fc700
 


where: 


• 
3 is the “North Sea” Member’s switch number (SN) 


• 
0030c1-7fc700 is the “North Sea” Member’s MAC address 


Using the Member’s CLI To Remove the Member from a Stack. 


Syntax: 
no stack join <mac-addr> 


To use this method, you need the Commander’s MAC address, which is 
available using the show stack command in the Member’s CLI. For example: 


MAC Address of the 
Commander for the 
Stack 
Which 
the“North Sea” 
Switch Belongs 


CLI for “North Sea” 
Stack Member 


to 


Figure 15-35. Example of How To Identify the Commander’s MAC Address from a Member Switch 


You would then execute this command in the “North Sea” switch’s CLI to 
remove the switch from the stack: 
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North Sea(config)# no stack join 0030c1-7fec40 


Using the CLI To Access Member Switches for Configuration 
Changes and Traffic Monitoring 


After a Candidate becomes a Member, you can use the telnet command from 
the Commander to access the Member’s CLI or console interface for the same 
configuration and monitoring that you would do through a Telnet or direct- 
connect access from a terminal. 


Syntax: 
telnet <switch-number> 


where: unsigned integer is the switch number (SN) assigned by the Com­ 
mander to each member (range: 1 - 15). 


To find the switch number for the Member you want to access, execute the 
show stack view command in the Commander’s CLI. For example, suppose that 
you wanted to configure a port trunk on the switch named “North Sea” in the 
stack named “Big_Waters”. Do do so you would go to the CLI for the 
“Big_Waters” Commander and execute show stack view to find the switch 
number for the “North Sea” switch: 


The switch number 
(SN) for the “North 
Sea” switch is “3”. 


Figure 15-36. Example of a Stack Showing Switch Number (SN) Assignments 


To access the “North Sea” console, you would then execute the following telnet 
command: 


HPswitch(config)# telnet 3
 


You would then see the CLI prompt for the “North Sea” switch, allowing you 
to configure or monitor the switch as if you were directly connected to the 
console. 
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SNMP Community Operation in a Stack 


Community Membership 


In the default stacking configuration, when a Candidate joins a stack, it 
automatically becomes a Member of any SNMP community to which the 
Commander belongs, even though any community names configured in the 
Commander are not propagated to the Member’s SNMP Communities listing. 
However, if a Member has its own (optional) IP addressing, it can belong to 
SNMP communities to which other switches in the stack, including the 
Commander, do not belong. For example: 


Commander Switch 
IP Addr: 12.31.29.100 
Community Names: 
– blue 
– red 


Member Switch 2 
IP Addr: None 
Community Names: 
– none 


Member Switch 3 
IP Addr: 12.31.29.15 
Community Names: 
– public (the default) 
– gray 


Member Switch 1 
IP Addr: 12.31.29.18 
Community Names: 
– public (the default) 


• The Commander and all Members of the stack 
belong to the blue and red communities. Only switch 
3 belongs to the gray community. Switches 1, 2, and 
3 belong to the public community 


• If Member Switch 1 ceases to be a stack Member, it 
still belongs to the public SNMP community because 
it has IP addressing of its own. But, with the loss of 
stack Membership, Switch 1 loses membership in 
the blue and red communities because they are not 
specifically configured in the switch. 


• If Member Switch 2 ceases to be a stack Member, it 
loses membership in all SNMP communities. 


• If Member Switch 3 ceases to be a stack Member, it 
loses membership in the blue and red communities, 
but—because it has its own IP addressing—retains 
membership in the public and gray communities. 


Figure 15-37. Example of SNMP Community Operation with Stacking 


SNMP Management Station Access to Members Via the Commander. 


To use a management station for SNMP Get or Set access through the 
Commander’s IP address to a Member, you must append @sw<switch number> 
to the community name. For example, in figure 15-37, you would use the 
following command in your management station to access Switch 1’s MIB 
using the blue community: 


snmpget < MIB variable > 10.31.29.100 blue@sw1 


Note that because the gray community is only on switch 3, you could not use 
the Commander IP address for gray community access from the management 
station. Instead, you would access switch 3 directly using the switch’s own IP 
address. For example: 


snmpget < MIB variable > 10.31.29.15 gray 
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Note that in the above example (figure 15-37) you cannot use the public 
community through the Commander to access any of the Member switches. 
For example, you can use the public community to access the MIB in switches 
1 and 3 by using their unique IP addresses. However, you must use the red or 
blue community to access the MIB for switch 2. 


snmpget < MIB variable > 10.31.29.100 blue@sw2 


Using the CLI To Disable or Re-Enable Stacking 


In the default configuration, stacking is enabled on the switch. You can use 
the CLI to disable stacking on the switch at any time. Disabling stacking has 
the following effects: 


■	 
Disabling a Commander: Eliminates the stack, returns the stack Mem­ 
bers to Candidates with Auto Join disabled, and changes the Commander 
to a stand-alone (nonstacking) switch. You must re-enable stacking on the 
switch before it can become a Candidate, Member, or Commander. 


■	 
Disabling a Member: Removes the Member from the stack and changes 
it to a stand-alone (nonstacking) switch. You must re-enable stacking on 
the switch before it can become a Candidate, Member, or Commander. 


■	 
Disabling a Candidate: Changes the Candidate to a stand-alone (non- 
stacking) switch. 


Syntax:	 
no stack 
(Disables stacking on the switch.) 
stack 
(Enables stacking on the switch.) 


Transmission Interval 


All switches in the stack must be set to the same transmission interval to help 
ensure proper stacking operation. HP recommends that you leave this param­ 
eter set to the default 60 seconds. 


Syntax: 
stack transmission-interval < seconds > 


Stacking Operation with Multiple VLANs Configured 


Stacking uses the primary VLAN in a switch. In the factory-default configura­ 
tion, the DEFAULT_VLAN is the primary VLAN. However, you can designate 
any VLAN configured in the switch as the primary VLAN. (See “The Primary 
VLAN” on page 12-6.) 


When using stacking in a multiple-VLAN environment, the following criteria 
applies: 
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■ 
Stacking uses only the primary VLAN on each switch in a stack. 


■	 
The primary VLAN can be tagged or untagged as needed in the 
stacking path from switch to switch. 


■	 
The same VLAN ID (VID) must be assigned to the primary VLAN in 
each stacked switch. 


Web: Viewing and Configuring Stacking 


Figure 15-38. Example of the Web Browser Interface for a Commander 


The web browser interface for a Commander appears as shown above. The 
interface for Members and Candidates appears the same as for a non-stacking 
switches. 


To view or configure stacking on the web browser interface: 


1. 
Click on the Configuration tab. 


2.	 
Click on Stacking to display the stackingconfiguration for an individual 
switch, and make any configuration changes you want for that switch. 


3.	 
Click on Apply Changes to save any configuration changes for the individ­ 
ual switch. 


4.	 
If the switch is a Commander, use the Stack Closeup and Stack Management 
buttons for viewing and using stack features. 


To access the web-based Help provided for the switch, click on [?] in the web 
browser screen. 
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Status Messages 


Stacking screens and listings display these status messages: 


Message 
Condition 
Action or Remedy 


Candidate Auto-join	 
Indicates a switch configured with Stack State set to 
Candidate, Auto Join set to Yes (the default), and no 
Manager password. 


None required 


Candidate	 
Candidate cannot automatically join the stack because 
one or both of the following conditions apply: 
• Candidate has Auto Join set to No. 
• Candidate has a Manager password. 


Manually add the candidate to the 
stack. 


Commander Down 
Member has lost connectivity to its Commander.	 
Check connectivity between the 
Commander and the Member. 


Commander Up 
The Member has stacking connectivity with the 
None required. 


Commander. 


Mismatch	 
This may be a temporary condition while a Candidate is 
trying to join a stack. If the Candidate does not join, then 
stack configuration is inconsistent. 


Initially, wait foranupdate. If condi­ 
tion persists, reconfigure the 
Commander or the Member. 


Member Down	 
A Member has become detached from the stack. A 
possible cause is an interruption to the link between the 
Member and the Commander. 


Check the connectivity between 
the Commander and the Member. 


Member Up 
The Commander has stacking connectivity to the Member. None required. 


Rejected 
The Candidate has failed to be added to the stack. 
The candidate may have a pass- 
word. In this case, manually add 
the candidate. Otherwise, the stack 
may already be full. A stack can 
hold up to 15 Members (plus the 
Commander). 
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Overview of IP Routing 


The switches covered in this guide offer IP static routing, supporting up to 16 
static routes. 


IP static routing is configurable through the switch’s console CLI. 


This chapter refers the switch as a “routing switch”. When IP routingisenabled 
on your switch, it behaves just like any other IP router. 


Basic IP routing configuration consists of adding IP addresses and enabling 
IP routing. 


For configuring the IP addresses, see chapter 7, “Configuring IP Addresses”. 
The rest of this chapter describes IP routing and how to configure it in more 
detail. Use the information in this chapter if you need to change some of the 
IP parameters from their default values or you want to view configuration 
information or statistics. 


IP Interfaces 


On the HP ProCurve routing switches, IP addresses are associated with 
individual VLANs. By default, there is a single VLAN (Default_VLAN) on the 
routing switch. In that configuration, a single IP address serves as the manage­ 
ment access address for the entire routing switch. If routing is enabled on the 
routing switch, the IP address on the single VLAN also acts as the routing 
interface. 


Each IP address range, specified by an IP address and a subnet mask or mask 
bits, must be in a single subnet and must be configured on a single VLAN. For 
example, if you configure the IP address range 192.200.200.0/24 on a VLAN on 
the routing switch, you cannot add the address 192.200.200.1 to a different 
VLAN on the same routing switch. The address 192.200.200.1 is in the address 
range 192.200.200.0/24 and so is known to exist on that interface and cannot 
be duplicated on a second VLAN interface. 


You can configure multiple IP subnets on the same VLAN. This is commonly 
known as multi-netting. The number of IP subnets you can configure on an 
individual VLAN interface is 8. 


You can use any of the IP addresses you configure on the routing switch for 
Telnet, Web management, or SNMP access, as well as for routing. 
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Not e	 
Your HP ProCurve switch supports IP addresses in classical sub-net format, 
which includes the IP address and the subnet mask (example: 
192.168.1.1 255.255.255.0), and Classless Interdomain Routing (CIDR) format 
(example: 192.168.1.1/24). You can use either format when configuring IP 
address information. IP addresses are displayed in classical sub-net format 
only, with or without the subnet mask. 


IP Tables and Caches 


The following sections describe the IP tables and caches:
 


■ 
ARP cache table
 


■ 
IP route table
 


■ 
IP forwarding cache
 


The software enables you to display these tables.
 


ARP Cache Table 


The ARP cache contains entries that map IP addresses to MAC addresses. 
Generally, the entries are for devices that are directly attached to the routing 
switch. 


ARP Cache. The ARP cache contains dynamic (learned) entries. The soft- 
ware places a dynamic entry in the ARP cache when the routing switch learns 
a device’s MAC address from an ARP request or ARP reply from the device. 


The software can learn an entry when the switch or routing switch receives 
an ARP request from another IP forwarding device or an ARP reply. Here is 
an example of a dynamic entry: 


IP Address 
MAC Address 
Type 
Port 
1 
207.95.6.102 
0800.5afc.ea21 
Dynamic 
6 


Figure 16-1. Example of a Dynamic Entry 


Each entry contains the destination device’s IP address and MAC address. 


To configure other ARP parameters, see “Configuring ARP Parameters” on 
page 16-7. 
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IP Route Table 


The IP route table contains routing paths to IP destinations. 


Not e	 
The default gateway, which is configured as part of the IP address configura­ 
tion described in chapter 7, “IP Addressing”, is used only when routing is not 
enabled on the switch. 


The IP route table can receive the routing paths from the following sources: 


■	 
A directly-connected destination, which means there are no router hops 
to the destination 


■ 
A static IP route, which is a user-configured route 


The IP route table contains the best path to a destination. When the software 
receives paths from more than one of the sources listed above, the software 
compares the administrative distance of each path and selects the path with 
the lowest administrative distance. The administrative distance is a protocol- 
independent value from 1 – 255. 


The IP route table is displayed by entering the CLI command show ip route 
from any context level in the console CLI. Here is an example of an entry in 
the IP route table: 


Destination 
Network Mask 
| Gateway 
Type 
Sub-Type 
Metric
 
--------------- --------------- + --------------- --------- ---------- ------
 
1.1.0.0 
255.255.0.0 
| 99.1.1.2 
connected 
1
 


Figure 16-2. Example of IP Route Table Entry 


Each IP route table entry contains the destination’s IP address and subnet 
mask and the IP address of the next-hop router interface to the destination. 
Each entry also indicates route type. The type indicates how the IP route table 
received the route. 


To configure a static IP route, see “Configuring a Static IP Route” on 
page 16-16. 


IP Forwarding Cache 


The IP forwarding cache provides a fast-path mechanism for forwarding IP 
packets. The cache contains entries for IP destinations. When an HP ProCurve 
routing switch has completed processing and addressing for a packet and is 
ready to forward the packet, the device checks the IP forwarding cache for an 
entry to the packet’s destination. 
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■	 
If the cache contains an entry with the destination IP address, the device 
uses the information in the entry to forward the packet out the ports listed 
in the entry. The destination IP address is the address of the packet’s final 
destination. The port numbers are the ports through which the destination 
can be reached. 


■	 
If the cache does not contain an entry, the software can create an entry in 
the forwarding cache. 


Each entry in the IP forwarding cache has an age timer. If the entry remains 
unused for five minutes, the software removes the entry. The age timer is not 
configurable. 


Not e 
You cannot add static entries to the IP forwarding cache. 


IP Global Parameters for Routing Switches 


The following table lists the IP global parameters and the page where you can 
find more information about each parameter. 


Table 16-1. IP Global Parameters for Routing Switches 


Parameter 
Description 
Default 
See page 


Address 
Resolution 
Protocol (ARP) 


A standard IP mechanism that routers use to learn the Media Access 
Control (MAC) address of a device on the network. The router sends 
the IP address of a device in the ARP request and receives the device’s 
MAC address in an ARP reply. 


Enabled 
16-7 


ARP age 
The amount of time the device keeps a MAC address learned through 
ARP in the device’s ARP cache. The device resets the timer to zero each 
time the ARP entry is refreshed and removes the entry if the timer 
reaches the ARP age. 


20 minutes 
16-9 


Proxy ARP 
An IP mechanism a router can use to answer an ARP request on behalf 
of a host. It replies with the router’s own MAC address instead of the 
host’s. 


Disabled 
16-10 


Time to Live 
(TTL) 
The maximum number of routers (hops) through which a packet can 
pass before being discarded. Each router decreases a packet’s TTL by 
1 before forwarding the packet. If decreasing the TTL causes the TTL 
to be 0, the router drops the packet instead of forwarding it. 


64 hops 
7-11 


Directed 
broadcast 
forwarding 


A directed broadcast is a packet containing all ones (or in some cases, 
all zeros) in the host portion of the destination IP address. When a router 
forwards such a broadcast, it sends a copy of the packet out each of its 
enabled IP interfaces. 
Note: You also can enable or disable this parameter on an individual 
interface basis. See table 16-2 on page 16-6. 


Disabled 
16-11 
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ICMP Router 
Discovery 
Protocol (IRDP) 


An IP protocol that a router can use to advertise the IP addresses of its 
router interfaces to directly attached hosts. You can enable or disable 
the protocol at the Global CLI Config level. 
You also can enable or disable IRDP and configure the following 
protocol parameters on an individual VLAN interface basis at the VLAN 
Interface CLI Config level. 
• Forwarding method (broadcast or multicast) 
• Hold time 
• Maximum advertisement interval 
• Minimum advertisement interval 
• Router preference level 


Disabled 
16-18 


16-19 


Static route 
An IP route you place in the IP route table. 
No entries 
16-14 


Default 
network route 
The router uses the default network route if the IP route table does not 
contain a route to the destination. For the Series 5300XL Switches, enter 
an explicit default route (0.0.0.0 0.0.0.0 or 0.0.0.0/0) as a static route in 
the IP route table. 


None 
configured 
16-16 


Parameter 
Description 
Default 
See page 


IP Interface Parameters for Routing Switches 


Table 16-2 lists the interface-level IP parameters for routing switches. 


Table 16-2. IP Interface Parameters – Routing Switches 


Parameter 
Description 
Default 
See page 


IP address 
A Layer 3 network interface address; separate IP 
addresses on individual VLAN interfaces. 
None configured 
chapter 7 


ICMP Router 
Discovery 
Protocol (IRDP) 


Locally overrides the global IRDP settings. See table 
16-1 on page 16-5 for global IRDP information. 
Disabled 
16-19 


IP helper address 
The IP address of a UDP application server (such as a 
BootP or DHCP server) or a directed broadcast 
address. IP helper addresses allow the routing switch 
to forward requests for certain UDP applications from 
a client on one sub-net to a server on another sub-net. 


None configured 
16-23 


16-6
 


IP Routing Features 


Configuring IP Parameters for Routing Switches 


Configuring IP Parameters for Routing 
Switches 


The following sections describe how to configure IP parameters. Some param­ 
eters can be configured globally while others can be configured on individual 
VLAN interfaces. Some parameters can be configured globally and overridden 
for individual VLAN interfaces. 


Not e	 
This section describes how to configure IP parameters for routing switches. 
For IP configuration information when routing is not enabled, refer to chapter 
8, ‘Configuring IP Addressing” . 


Configuring IP Addresses 


You can configure an IP address on the routing switch’s VLAN interfaces. 
Configuring IP addresses is described in detail in chapter 8, ‘Configuring IP 
Addressing” . 


Configuring ARP Parameters 


Address Resolution Protocol (ARP) is a standard IP protocol that enables an 
IP routing switch to obtain the MAC address of another device’s interface 
when the routing switch knows the IP address of the interface. ARP is enabled 
by default and cannot be disabled. 


How ARP Works 


A routing switch needs to know a destination’s MAC address when forwarding 
traffic, because the routing switch encapsulates the IP packet in a Layer 2 
packet (MAC layer packet) and sends the Layer 2 packet to a MAC interface 
on a device directly attached to the routing switch. The device can be the 
packet’s final destination or the next-hop router toward the destination. 


The routing switch encapsulates IP packets in Layer 2 packets regardless of 
whether the ultimate destination is locally attached or is multiple router hops 
away. Since the routing switch’s IP route table and IP forwarding cache 
contain IP address information but not MAC address information, the routing 
switch cannot forward IP packets based solely on the information in the route 
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table or forwarding cache. The routing switch needs to know the MAC address 
that corresponds with the IP address of either the packet’s locally attached 
destination or the next-hop router that leads to the destination. 


For example, to forward a packet whose destination is multiple router hops 
away, the routing switch must send the packet to the next-hop router toward 
its destination, or to a default route or default network route if the IP route 
table does not contain a route to the packet’s destination. In each case, the 
routing switch must encapsulate the packet and address it to the MAC address 
of a locally attached device, the next-hop router toward the IP packet’s 
destination. 


To obtain the MAC address required for forwarding a datagram, the routing 
switch does the following: 


■	 
First, the routing switch looks in the ARP cache (not the static ARP table) 
for an entry that lists the MAC address for the IP address. The ARP cache 
maps IP addresses to MAC addresses. The cache also lists the port 
attached to the device and, if the entry is dynamic, the age of the entry. A 
dynamic ARP entry enters the cache when the routing switch receives an 
ARP reply or receives an ARP request (which contains the sender’s IP 
address and MAC address). A static entry enters the ARP cache from the 
static ARP table (which is a separate table) when the interface for the 
entry comes up. 


To ensure the accuracy of the ARP cache, each dynamic entry has its own 
age timer. The timer is reset to zero each time the routing switch receives 
an ARP reply or ARP request containing the IP address and MAC address 
of the entry. If a dynamic entry reaches its maximum allowable age, the 
entry times out and the software removes the entry from the table. Static 
entries do not age out and can be removed only by you. 


■	 
If the ARP cache does not contain an entry for the destination IP address, 
the routing switch broadcasts an ARP request out all its IP interfaces. The 
ARP request contains the IP address of the destination. If the device with 
the IP address is directly attached to the routing switch, the device sends 
an ARP response containing its MAC address. The response is a unicast 
packet addressed directly to the routing switch. The routing switch places 
the information from the ARP response into the ARP cache. 


ARP requests contain the IP address and MAC address of the sender, so 
all devices that receive the request learn the MAC address and IP address 
of the sender and can update their own ARP caches accordingly. 


Note: The ARP request broadcast is a MAC broadcast, which means the 
broadcast goes only to devices that are directly attached to the routing 
switch. A MAC broadcast is not routed to other networks. However, some 
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routers, including HP routing switches, can be configured to reply to ARP 
requests from one network on behalf of devices on another network. See 
“Enabling Proxy ARP” below. 


Not e	 
If the routing switch receives an ARP request packet that it is unable to deliver 
to the final destination because of the ARP timeout and no ARP response is 
received (the routing switch knows of no route to the destination address), 
the routing switch sends an ICMP Host Unreachable message to the source. 


Changing the ARP Aging Period 


When the routing switch places an entry in the ARP cache, it also starts an 
aging timer for the entry. the aging timer ensures that the ARP cache does not 
retain learned entries that are no longer valid. An entry can become invalid 
when the device with the MAC address of the entry is no longer on the network. 


The default ARP age is twenty minutes. You can change the ARP age to a value 
of 1 - 240 minutes. 


To change the ARP age value to 30 minutes, you would use the following CLI 
command from the global configuration level: 


HPswitch(config)# ip arp-age 30
 


syntax: ip arp-age < 1-240 > 


To display the configured ARP age value, use the command show config from 
any CLI context level. The ARP age value is displayed unless you have not 
configured a value for ARP age and the default configuration is still being used. 
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Enabling Proxy ARP 


Proxy ARP allows a routing switch to answer ARP requests from devices on 
one network on behalf of devices in another network. Since ARP requests are 
MAC-layer broadcasts, they reach only the devices that are directly connected 
to the sender of the ARP request. Thus, ARP requests do not cross routers. 


For example, if Proxy ARP is enabled on a routing switch connected to two 
sub-nets, 10.10.10.0/24 and 20.20.20.0/24, the routing switch can respond to an 
ARP request from 10.10.10.69 for the MAC address of the device with IP 
address 20.20.20.69. In standard ARP, a request from a device in the 
10.10.10.0/24 sub-net cannot reach a device in the 20.20.20.0 sub-net if the sub- 
nets are on different network cables, and thus is not answered. 


An ARP request from one sub-net can reach another sub-net when both sub- 
nets are on the same physical segment (Ethernet cable), since MAC-layer 
broadcasts reach all the devices on the segment. 


Proxy ARP is disabled by default on HP routing switches. To enable Proxy 
ARP, enter the following commands from the VLAN context level in the CLI: 


HPswitch(config)# vlan 1
 


HPswitch(vlan-1)# ip proxy-arp
 


To again disable IP proxy ARP, enter the following command: 


HPswitch(vlan-1)# no ip proxy-arp
 


Syntax: [no] ip proxy-arp 


Configuring Forwarding Parameters 


The following configurable parameters control the forwarding behavior of 
your routing switch: 


■	 
Time-To-Live (TTL) threshold — configuring this parameter is covered in 
chapter 8, ‘Configuring IP Addressing” . 


■ 
Forwarding of directed broadcasts — see below. 


Not e	 
These parameters are global and thus affect all IP interfaces configured on the 
routing switch. 
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Enabling Forwarding of Directed Broadcasts 


A directed broadcast is an IP broadcast to all devices within a single directly- 
attached network or sub-net. A net-directed broadcast goes to all devices on 
a given network. A sub-net-directed broadcast goes to all devices within a 
given sub-net. 


Not e	 
A less common type, the all-sub-nets broadcast, goes to all directly-attached 
sub-nets. Forwarding for this broadcast type also is supported, but most 
networks use IP multicasting instead of all-sub-net broadcasting. 


Forwarding for all types of IP directed broadcasts is disabled by default. You 
can enable forwarding for all types if needed. You cannot enable forwarding 
for specific broadcast types. 


To enable forwarding of IP directed broadcasts, enter the following CLI 
command: 


HPswitch(config)# ip directed-broadcast
 


Syntax: [no] ip directed-broadcast 


HP software makes the forwarding decision based on the routing switch's 
knowledge of the destination network prefix. Routers cannot determine that 
a message is unicast or directed broadcast apart from the destination network 
prefix. The decision to forward or not forward the message is by definition 
only possible in the last hop router. 


To disable the directed broadcasts, enter the following CLI command: 


HPswitch(config)# no ip directed-broadcast
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Configuring ICMP 


You can configure the following ICMP limits: 


■ 
Burst-Normal – The maximum number of ICMP replies to send per 
second. 


■ 
Reply Limit – You can enable or disable ICMP reply rate limiting. 


Disabling ICMP Messages 


HP devices are enabled to reply to ICMP echo messages and send ICMP 
Destination Unreachable messages by default. 


You can selectively disable the following types of Internet Control Message 
Protocol (ICMP) messages: 


■ 
Echo messages (ping messages) – The routing switch replies to IP pings 
from other IP devices. 


■ 
Destination Unreachable messages – If the routing switch receives an 
IP packet that it cannot deliver to its destination, the routing switch 
discards the packet and sends a message back to the device that sent the 
packet to the routing switch. The message informs the device that the 
destination cannot be reached by the routing switch. 


■ 
Address Mask replies – You can enable or disable ICMP address mask 
replies. 


Disabling Replies to Broadcast Ping Requests 


By default, HP devices are enabled to respond to broadcast ICMP echo 
packets, which are ping requests. You can disable response to ping requests 
on a global basis using the following CLI method. 


To disable response to broadcast ICMP echo packets (ping requests), enter 
the following command: 


HPswitch(config)# no ip icmp echo broadcast-request
 


Syntax: [no] ip icmp echo broadcast-request 


If you need to re-enable response to ping requests, enter the following 
command: 


HPswitch(config)# ip icmp echo broadcast-request
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Disabling ICMP Destination Unreachable Messages 


By default, when an HP device receives an IP packet that the device cannot 
deliver, the device sends an ICMP Unreachable message back to the host that 
sent the packet. The following types of ICMP Unreachable messages are 
generated: 


■ 
Administration – The packet was dropped by the HP device due to a 
filter or ACL configured on the device. 


■ 
Fragmentation-needed – The packet has the Don’t Fragment bit set in 
the IP Flag field, but the HP device cannot forward the packet without 
fragmenting it. 


■ 
Host – The destination network or sub-net of the packet is directly 
connected to the HP device, but the host specified in the destination IP 
address of the packet is not on the network. 


■ 
Network – The HP device cannot reach the network specified in the 
destination IP address of the packet. 


■ 
Port – The destination host does not have the destination TCP or UDP 
port specified in the packet. In this case, the host sends the ICMP Port 
Unreachable message to the HP device, which in turn sends the message 
to the host that sent the packet. 


■ 
Protocol – The TCP or UDP protocol on the destination host is not 
running. This message is different from the Port Unreachable message, 
which indicates that the protocol is running on the host but the requested 
protocol port is unavailable. 


■ 
Source-route-failure – The device received a source-routed packet but 
cannot locate the next-hop IP address indicated in the packet’s Source- 
Route option. 


Not e	 
Disabling an ICMP Unreachable message type does not change the HP device’s 
ability to forward packets. Disabling ICMP Unreachable messages prevents 
the device from generating or forwarding the Unreachable messages. 


To disable all ICMP Unreachable messages, enter the following command: 


HPswitch(config)# no ip icmp unreachable
 


Syntax: [no] ip icmp unreachable 
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Disabling ICMP Redirects 


You can disable ICMP redirects on the HP routing switch. only on a global 
basis, for all the routing switch interfaces. To disable ICMP redirects globally, 
enter the following command at the global CONFIG level of the CLI: 


HPswitch(config)# no ip icmp redirects
 


Syntax: [no] ip icmp redirects 


Configuring Static IP Routes 


The IP route table can receive routes from the following sources: 


■ 
Directly-connected networks – When you add an IP VLAN interface, 
the routing switch automatically creates a route for the network the 
interface is in. 


■ 
Statically configured route – You can add routes directly to the route 
table. When you add a route to the IP route table, you are creating a static 
IP route. This section describes how to add static routes to the IP route 
table. 


■ 
Default network route – This is a specific static route that the routing 
switch uses if other routes to the destination are not available. See 
“Configuring the Default Route” on page 16-16. 


Static Route Types 


You can configure the following types of static IP routes: 


■ 
Standard – the static route consists of the destination network address 
and network mask, and the IP address of the next-hop gateway. You can 
configure multiple standard static routes with the same metric for load 
sharing or with different metrics to provide a primary route and backup 
routes. 


■ 
Null (reject) – the static route consists of the destination network 
address and network mask, and the reject parameter. Typically, the null 
route is configured as a backup route for discarding traffic if the primary 
route is unavailable. 
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Static IP Route Parameters 


When you configure a static IP route, you must specify the following param­ 
eters: 


■ 
The IP address and network mask for the route’s destination network. 


■ 
The route’s path, which can be one of the following: 


• 
The IP address of a next-hop gateway 


•	 
A “null” interface. The routing switch drops traffic forwarded to the 
null interface. 


The HP ProCurve routing switch applies fixed default values for the following 
routing parameters: 


■ 
The route’s metric – The value the routing switch uses when comparing 
this route to other routes in the IP route table to the same destination. The 
metric applies only to routes that the routing switch has already placed 
in the IP route table. The default metric for static IP routes is 1. 


■ 
The route’s administrative distance – The value that the routing switch 
uses to compare this route with routes from other route sources to the 
same destination before placing a route in the IP route table. This param­ 
eter does not apply to routes that are already in the IP route table. The 
default administrative distance for static IP routes is 1. 


The default metric and administrative distance values ensure that the routing 
switch always prefers static IP routes over routes from other sources to the 
same destination. 


Static Route States Follow VLAN (Interface) States 


IP static routes remain in the IP route table only so long as the VLAN interface 
used by the route is available. If the VLAN becomes unavailable, the software 
removes the static route from the IP route table. If the VLAN later becomes 
available again, the software adds the route back to the route table. 


This feature allows the routing switch to adjust to changes in network 
topology. The routing switch does not continue trying to use routes on 
unavailable paths but instead uses routes only when their paths are available. 
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Configuring a Static IP Route 


To configure an IP static route with a destination address of 192.0.0.0 255.0.0.0 
and a next-hop router IP address of 195.1.1.1, you would enter the following 
commands: 


HPswitch(config)# ip route 192.0.0.0 255.0.0.0 195.1.1.1 
HPswitch(config)# write memory 


Syntax: ip route < dest-ip-addr > < dest-mask > < next-hop-ip-addr > 


— or — 
ip route < dest-ip-addr >/< mask-bits > < next-hop-ip-addr > 


The < dest-ip-addr > is the route’s destination. 


The < dest-mask > parameter specifies the subnet mask for the routes destina­ 
tion IP address. Ones are significant bits and zeros allow any value. For 
example, the mask 255.255.255.0 matches on all hosts within the Class C sub- 
net address specified by the < dest-ip-addr >. Alternatively, you can use the 
CIDR notation and specify the number of bits in the network mask. For 
example, you can enter 209.157.22.0/24 instead of 209.157.22.0 255.255.255.0. 


The < next-hop-ip-addr > is the IP address of the next router in the path to the 
destination. 


Configuring the Default Route 


You can also assign a default route and enter it in the routing table. The default 
route is the route assigned to all traffic that has destinations that are not in 
the local routing table. For example, if 208.45.228.35 is the ip address of your 
ISP router, all non-local traffic could be directed to that route by entering the 
commands: 


HPswitch(config)# ip route 0.0.0.0 0.0.0.0 208.45.228.35 
HPswitch(config)# write memory 
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Configuring a “Null” Route 


You can configure the routing switch to drop IP packets to a specific network 
or host address by configuring a “null” (sometimes called “null0”) static route 
for the address. When the routing switch receives a packet destined for the 
address, the routing switch drops the packet instead of forwarding it. 


To configure a null static route to drop packets destined for network 
209.157.22.x, enter the following commands: 


HPswitch(config)# ip route 209.157.22.0 255.255.255.0 reject 
HPswitch(config)# write memory 


Syntax: ip route < ip-addr > < ip-mask > reject 


— or — 
ip route < ip-addr >/< mask-bits > reject 


Using this command, the routing switch will drop packets that contain the 
specified IP address in the destination field instead of forwarding them. 


The reject parameter indicates that this is a null route. You must specify this 
parameter to make this a null route. 


16-17 


IP Routing Features 
Configuring IRDP 


Configuring IRDP 


The ICMP Router Discovery Protocol (IRDP) is used by HP routing switches 
to advertise the IP addresses of its router interfaces to directly attached hosts. 
IRDP is enabled by default. You can enable the feature on a global basis or on 
an individual VLAN interface basis. 


When IRDP is enabled, the routing switch periodically sends Router Adver­ 
tisement messages out the IP interfaces on which the feature is enabled. The 
messages advertise the routing switch's IP addresses to directly attached 
hosts who listen for the messages. In addition, hosts can be configured to 
query the routing switch for the information by sending Router Solicitation 
messages. 


Some types of hosts use the Router Solicitation messages to discover their 
default gateway. When IRDP is enabled on the HP routing switch, the routing 
switch responds to the Router Solicitation messages. Some clients interpret 
this response to mean that the routing switch is the default gateway. If another 
router is actually the default gateway for these clients, leave IRDP disabled 
on the HP routing switch. 


IRDP uses the following parameters. If you enable IRDP on individual VLAN 
interfaces, you can configure these parameters on an individual VLAN inter- 
face basis. 


■ 
Packet type - The routing switch can send Router Advertisement 
messages as IP broadcasts or as IP multicasts addressed to IP multicast 
group 224.0.0.1. The default packet type is IP broadcast. 


■ 
Hold time - Each Router Advertisement message contains a hold time 
value. This value specifies the maximum about of time the host should 
consider an advertisement to be valid until a newer advertisement arrives. 
When a new advertisement arrives, the hold time is reset. The hold time 
is always longer than the maximum advertisement interval. Therefore, if 
the hold time for an advertisement expires, the host can reasonably 
conclude that the router interface that sent the advertisement is no longer 
available. The default hold time is three times the maximum message 
interval. 


■ 
Maximum message interval and minimum message interval - when 
IRDP is enabled, the routing switch sends the Router Advertisement 
messages every 450-600 seconds by default. The time within this interval 
that the routing switch selects is random for each message and is not 
affected by traffic loads or other network factors. The random interval 
minimizes the probability that a host will receive Router Advertisement 
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messages from other routers at the same time. The interval on each IRDP- 
enabled routing switch interface is independent of the interval on other 
IRDP-enabled interfaces. The default maximum message interval is 600 
seconds. The default minimum message interval is 450 seconds. 


■ 
Preference - If a host receives multiple Router Advertisement messages 
from different routers, the host selects the router that send the message 
with the highest preference as the default gateway. The preference can be 
a number from -4294967296 to 4294967295. The default is 0. 


Enabling IRDP Globally 


To enable IRDP globally, enter the following command: 


HPswitch(config)# ip irdp 


This command enables IRDP on the IP interfaces on all ports. Each port uses 
the default values for the IRDP parameters. 


Enabling IRDP on an Individual VLAN Interface 


To enable IRDP on an individual VLAN interface and configure IRDP param­ 
eters, enter commands such as the following: 


HPswitch(config)# vlan 1 


HPswitch(vlan-1)# ip irdp maxadvertinterval 400 


This example shows how to enable IRDP on a specific interface (VLAN 1) and 
change the maximum advertisement interval for Router Advertisement 
messages to 400 seconds. 
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Syntax: 
[no] ip irdp 


Enables or disables (the default) ip irdp on the specified 
VLAN. 


[broadcast | multicast] 


This parameter specifies the packet type the routing 
switch uses to send the Router Advertisement: 
broadcast - The routing switch sends Router 
Advertisements as IP broadcasts. 


multicast - The routing switch sends Router 
Advertisements as multicast packets addressed to IP 
multicast group 224.0.0.1. This is the default. 


[ holdtime < seconds >] 


This parameter specifies how long a host that receives a 
Router Advertisement from the routing switch should 
consider the advertisement to be valid. When a host 
receives a new Router Advertisement message from the 
routing switch, the host resets the hold time for the 
routing switch to the hold time specified in the new 
advertisement. If the hold time of an advertisement 
expires, the host discards the advertisement, concluding 
that the router interface that sent the advertisement is no 
longer available. The value must be greater than the value 
of the maxadvertinterval parameter and cannot be 
greater than 9000. The default is three times the value of 
the maxadvertinterval parameter. 


[maxadvertinterval < seconds >] 


This parameter specifies the maximum amount of time the 
routing switch waits between sending Router 
Advertisements. You can specify a value from 1 to the current 
value of the holdtime parameter. Default: 600 (seconds). 
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[ minadvertinterval < seconds > ] 


This parameter specifies the minimum amount of time the 
routing switch can wait between sending Router 
Advertisements. Default: three-fourths (0.75) the value of the 
maxadvertinterval parameter. 


If you change the maxadvertinterval parameter, the software 
automatically adjusts the minadvertinterval parameter to be 
three-fourths the new value of the maxadvertinterval 
parameter. If you want to override the automatically 
configured value, you can specify an interval from 1 to the 
current value of the maxadvertinterval parameter. 


[preference < number >] 


This parameter specifies the IRDP preference level of this 
routing switch. If a host receives Router Advertisements from 
multiple routers, the host selects the router interface that sent 
the message with the highest preference as the host's default 
gateway. The valid range is -4294967296 to 4294967295. 
Default: 0. 


Displaying IRDP Information 


To display IRDP information, enter the following command from any CLI level: 


HPswitch# show ip irdp 


Status and Counters - ICMP Router Discovery Protocol 


Globa l Status : Disabled 
VLAN Name 
Status 
Adver tising Min int Max int Holdtime Preference 


Add 
ress 
(sec) 
(sec) 
(sec) 


----- --------- -------- ------------ ------- ------- -------- 


DEFAU LT_VLAN Enable d multicast 
450 
600 
1800 
0 


VLAN2 0 
Enable d multicast 
450 
600 
1800 
0 


VLAN3 0 
Enable d multicast 
450 
600 
1800 
0 


Figure 16-3. Example of Displaying IRDP Information 
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Configuring DHCP Relay 


Overview 


The Dynamic Host Configuration Protocol (DHCP) is used for configuring 
hosts with IP address and other configuration parameters without human 
intervention.The protocol is composed ofthree components: the DHCPclient, 
the DHCP server, and the DHCP relay agent. The DHCP client sends broadcast 
request packets to the network, the DHCP servers respond with broadcast 
packets that offer IP parameters, such as an IP address for the client. After 
the client chooses the IP parameters, communication between the client and 
server is by unicast packets. 


The function of the DHCP relay agent is to forward the DHCP messages to 
other subnets so that the DHCP server doesn’t have to be on the same subnet 
as the DHCP clients. The DHCP relay agent transfers the DHCP messages from 
DHCP clients located on a subnet without DHCP server, to other subnets. It 
also relays answers from DHCP servers to DHCP clients. 


DHCP Packet Forwarding 


The DHCP relay agent on the routing switch forwards DHCP client packets to 
all DHCP servers that are configured in the table administrated for each VLAN. 


Unicast Forwarding 


The packets are forwarded using unicast forwarding if the IP address of the 
DHCP server is a specific host address. The DHCP relay agent sets the 
destination IP address of the packet to the IP address of the DHCP server and 
forwards the message. 


Broadcast Forwarding 


The packets are forwarded using broadcast forwarding if the IP address of the 
DHCP server is a subnet address or IP broadcast address (255.255.255.255). 
The DHCP relay agent sets the DHCP server IP address will be set to broadcast 
IP address and forwarded to all VLANs with configured IP interfaces (except 
the source VLAN). 
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Minimum Requirements for DHCP Relay Operation 


In order for the DHCP Relay agent to work, the following steps must be 
completed: 


1. 
DHCP Relay is enabled on the routing switch 


2. 
A DHCP server is servicing the routing switch 


3. 
IP Routing is enabled on the routing switch 


4. 
There is a route from the DHCP server to the routing switch and back 


5.	 
An IP Helper address is configured on the routing switch, set to the IP 
address of the DHCP server on the VLAN that is connected to the DHCP 
Client. 


Enabling DHCP Relay 


To enable the DHCP Relay function for the routing switch, at the Config CLI 
context level, enter the command: 


HPswitch(config)# dhcp-relay 


To disable the DHCP Relay function, enter the command: 


HPswitch(config)# no dhcp-relay 


Configuring a Helper Address 


At the VLAN configuration CLI context level, enter the commands to add the 
DHCP server’s IP address to the VLANs list. For example, to configure a helper 
address of 18.38.127.53 for VLAN 1, you would enter these commands: 


HPswitch(conf)# vlan 1	 


HPswitch(vlan-1)# ip helper-address 18.38.127.53	 


To remove the DHCP server helper address 18.38.127.53 , you would enter this 
command: 


HPswitch(vlan-1)# no ip helper-address 18.38.127.53 
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Overview 


You can download new switch software and upload or download switch 
configuration files. These features are useful for acquiring periodic switch 
software upgrades and for storing or retrieving a switch configuration. 


This appendix includes the following information: 


■ 
Downloading switch software (begins below) 


■ 
Transferring switch configurations (begins on page A-13) 


For information on how switch memory operates, including primary and 
secondary flash, see Chapter 6, “Switch Memory and Configuration”. 


Not e	 
In the switch console interface, the switch software is referred to as the OS, 
for switch “operating system”. 


Downloading Switch Software 


HP periodically provides switch software updates through the HP ProCurve 
website (http://www.hp.com/go/hpprocurve). For more information, see the 
support and warranty booklet shipped with the switch. After you acquire a 
new switch software file, you can use one of the following methods for 
downloading the switch software code to the switch: 


Switch Software Download Features 


Feature 
Default 
Menu 
CLI 
Web 


TFTP 


Xmodem 


Switch-to-Switch 


SNMP Download Manager in HP TopTools 
for Hubs & Switches 


n/a 
page A-4 
page A-6 
— 


n/a 
page A-7 
page A-8 
— 


n/a 
page A-9 
page A-10 


Refer to the documentation provided with HP 
TopTools for Hubs and Switches 
Note: Although TopTools recognizes the 
Switch 2626 as an SNMP device, customized 
device management is not supported for the 
Switch 2626 in HP TopTools for hubs and 
switches. 
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General Switch Software Download Rules 


■ 
A switch software image downloaded through the menu interface always 
goes to primary flash. 


■ 
After a switch software download, you must reboot the switch to imple­ 
ment the newly downloaded code. Until a reboot occurs, the switch 
continues to run on the software it was using before the download started. 


Not e	 
Downloading new switch software does not change the current switch con- 
figuration. The switch configuration is contained in separate files that can also 
be transferred. Refer to “Transferring Switch Configurations” on page A-13. 


In most cases, if a power failure or other cause interrupts a flash image 
download, the switch reboots with the image previously stored in primary 
flash. In the unlikely event that the primary image is corrupted (which may 
occur if a download is interrupted by a power failure), the switch goes into 
boot ROM mode. In this case, use the boot ROM console to download a new 
switch software image to primary flash. Refer to “Restoring a Flash Image” on 
page C-41. 


Using TFTP To Download Switch Software from a 
Server 


This procedure assumes that: 


■ 
An switch software file for the switch has been stored on a TFTP server 
accessible to the switch. (The switch software file is typically available 
from the HP ProCurve website at http://www.hp.com/go/hpprocurve.) 


■ 
The switch is properly connected to your network and has already been 
configured with a compatible IP address and subnet mask. 


■ 
The TFTP server is accessible to the switch through IP. 


Before you use the procedure, do the following: 


■ 
Obtain the IP address of the TFTP server in which the switch software file 
has been stored. 


■ 
If VLANs are configured on the switch, determine the name of the VLAN 
in which the TFTP server is operating. 


■ 
Determine the name of the switch software file stored in the TFTP server 
for the switch (for example, G0721.swi). 
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Not e	 
If your TFTP server is a Unix workstation, ensure that the case (upper or 
lower) that you specify for the filename is the same case as the characters 
in the switch software filenames on the server. 


Menu: TFTP Download from a Server to Primary Flash 


Note that the menu interface accesses only the primary flash. 


1. 
In the console Main Menu, select Download OS to display this screen: 


Figure A-1. Example of the Download OS Screen (Default Values) 


2. 
Press [E] (for Edit). 


3. 
Ensure that the Method field is set to TFTP (the default). 


4.	 
In the TFTP Server field, type in the IP address of the TFTP server in which 
the switch software file has been stored. 


5.	 
In the Remote File Name field, type the name of the switch software file. 
If you are using a UNIX system, remember that the filename is case- 
sensitive. 


6.	 
Press [Enter], then [X] (for eXecute) to begin the switch software download. 
The following screen then appears: 
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Progress Bar 


Figure A-2. Example of the Download OS Screen During a Download 


A “progress” bar indicates the progress of the download. When the entire 
switch software file has been received, all activity on the switch halts and 
you will see Validating and writing system software to FLASH... 


7.	 
After the primary flash memory has been updated with the new switch 
software, you must reboot theswitch to implement the newly downloaded 
code. From the Main Menu and press [6] (for Reboot Switch). You will then 
see this prompt: 


Continue reboot of system? : No
 


Press the space bar once to change No to Yes, then press [Enter] to begin 
the reboot. 


Not e	 
When you use the menu interface to download switch software, the new 
image is always stored in primary flash. Also, using the Reboot Switch 
option in the Main Menu always reboots the switch from primary flash. 
Rebooting the switch from the CLI gives you more options. Refer to 
“Rebooting the Switch” on page 6-17. 


8.	 
After you reboot the switch, confirm that the switch software downloaded 
correctly: 


a.	 
From the Main Menu, select 1. Status and Counters, and from the Status 
and Counters menu, select 1. General System Information 


b. Check the Firmware revision line. 


c. 
From the CLI, use the command show version or show flash. 
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CLI: TFTP Download from a Server to Primary or Secondary 
Flash 


This command automatically downloads a switch software image to primary 
or secondary flash. 


Syntax: 
copy tftp flash < ip-address > < remote-os-file > [< primary | secondary >] 


Note that if you do not specify the flash destination, the Xmodem download 
defaults to primary flash. 


For example, to download a switch software file named G0502.swi from a 
TFTP server with the IP address of 10.28.227.103 to primary flash: 


1. 
Execute copy as shown below: 


Dynamic counter continually displays the 
number of bytes transferred. 


This message means that the image you 
want to upload will replace the image 
currently in primary flash. 


Figure A-3. Example of the Command to Download Switch Software 


2.	 
When the switch finishes downloading the switch software file from the 
server, it displays this progress message: 


Validating and Writing System Software to FLASH . . . 


3.	 
When the switch is ready to activate the downloaded software you will 
see this message: 


System software written to FLASH. 


You will need to reboot to activate. 


At this point, use the boot command to reboot the switch and activate the 
software you just downloaded: 


HPswitch # boot
 


(For more on these commands, refer to “Rebooting the Switch” on page 
6-17.) 


4.	 
To confirm that the switch software downloaded correctly, execute show 
system and check the Firmware revision line. 


If you need information on primary/secondary flash memory and the boot 
commands, refer to “Using Primary and Secondary Flash Image Options” on 
page 6-12. 


A-6 


File Transfers 


Downloading Switch Software 


Using Xmodem to Download Switch Software From a 
PC or UNIX Workstation 


This procedure assumes that: 


■	 
The switch is connected via the Console RS-232 port to a PC operating as 
a terminal. (Refer to the Installation and Getting Started Guide you 
received with the switch for information on connecting a PC as a terminal 
and running the switch console interface.) 


■ 
The switch software is stored on a disk drive in the PC. 


■	 
The terminal emulator you are using includes the Xmodem binary transfer 
feature. (For example, in the HyperTerminal application included with 
Windows NT, you would use the Send File option in the Transfer dropdown 
menu.) 


Menu: Xmodem Download to Primary Flash 


Note that the menu interface accesses only the primary flash. 


1. 
From the console Main Menu, select 


7. Download OS 


2. 
Press [E] (for Edit). 


3. 
Use the Space bar to select XMODEM in the Method field. 


4.	 
Press [Enter], then [X] (for eXecute) to begin the switch software download. 
The following message then appears: 


Press enter and then initiate Xmodem transfer 
from the attached computer..... 


5.	 
Press [Enter] and then execute the terminal emulator command(s) to begin 
Xmodem binary transfer. For example, using HyperTerminal: 


a. 
Click on Transfer, then Send File. 


b. Type the file path and name in the Filename field. 


c. 
In the Protocol field, select Xmodem. 


d. Click on the Send button. 


The download will then commence. It can take several minutes, depend­ 
ing on the baud rate set in the switch and in your terminal emulator. 


6.	 
After the primary flash memory has been updated with the new operating 
system, you must reboot the switch to implement the newly downloaded 
software. Return to the Main Menu and press [6] (for Reboot Switch). You 
will then see this prompt: 
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Continue reboot of system? : No
 


Press the space bar once to change No to Yes, then press [Enter] to begin 
the reboot. 


7. 
To confirm that the switch software downloaded correctly: 


a. 
From the Main Menu, select 


1. Status and Counters 


1. General System Information 


b. Check the Firmware revision line. 


CLI: Xmodem Download from a PC or Unix Workstation to 
Primary or Secondary Flash 


Using Xmodem and a terminal emulator, you can download a switch software 
file to either primary or secondary flash. 


Syntax: 
copy xmodem flash [< primary | secondary >] 


Note that if you do not specify the flash destination, the Xmodem download 
defaults to primary flash. 


For example, to download a switch software file named G0103.swi from a PC 
(running a terminal emulator program such as HyperTerminal) to primary 
flash: 


1. 
Execute the following command in the CLI: 


Figure A-4.	 Example of the Command to Download Switch Software Using 
Xodem 


2. 
Execute the terminal emulator commands to begin the Xmodem transfer. 
For example, using HyperTerminal: 


a. 
Click on Transfer, then Send File. 


b. Type the file path and name in the Filename field. 


c. 
In the Protocol field, select Xmodem. 


d. Click on the Send button. 


The download can take several minutes, depending on the baud rate used 
in the transfer. 
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3.	 
When the download finishes, you must reboot the switch to implement 
the newly dowloaded switch software. To do so, use one of the following 
commands: 


boot system flash <primary | secondary> 


Reboots the switch from the selected flash memory. 


-or- 


reload 


Reboots the switch from the flash image currently in use. 


(For more on these commands, refer to “Rebooting the Switch” on page 
6-17.) 


4. 
To confirm that the operating system downloaded correctly, use the show 
system, show version, or show flash CLI commands. 


Check the Firmware revision line. It should show the switch software 
version that you downloaded in the preceding steps. 


If you need information on primary/secondary flash memory and the boot 
commands, refer to “Using Primary and Secondary Flash Image Options” on 
page 6-12. 


Switch-to-Switch Download 


You can use TFTP to transfer a switch software file between two HP ProCurve 
switches that use the same software code base. The menu interface enables 
you to transfer primary-to-primary or secondary-to-primary. The CLI enables 
all combinations of flash location options. 


Menu: Switch-to-Switch Download to Primary Flash 


Using the menu interface, you can download switch software from either the 
primary or secondary flash of one switch to the primary flash of another 
switch. 


1.	 
From the switch console Main Menu in the switch to receive the down- 
load, select 7. Download OS screen. 


2. 
Ensure that the Method parameter is set to TFTP (the default). 


3.	 
In the TFTP Server field, enter the IP address of the remote switch contain­ 
ing the switch software you want to download. 


4. 
For the Remote File Name, enter one of the following: 


•	 
To download the switch software from the primary flash of the source 
switch, type flash or /os/primary in lowercase characters. 
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•	 
To download the switch software from the secondary flash of the 
source switch, type /os/secondary. 


5. 
Press [Enter], then [X] (for eXecute) to begin the switch software download. 


6.	 
A “progress” bar indicates the progress of the download. When the entire 
operating system has been received, all activity on the switch halts and 
the following messages appear: 


Validating and writing system software to FLASH... 


7.	 
After the primary flash memory has been updated with the new operating 
system, you must reboot the switch to implement the newly downloaded 
software. From the Main Menu, press [6] (for Reboot Switch). You will then 
see this prompt: 


Continue reboot of system? : 
No 


Press the space bar once to change No to Yes, then press [Enter] to begin 
the reboot. 


8. 
To confirm that the operating system downloaded correctly: 


a. 
From the Main Menu, select 


Status and Counters 


General System Information 


b. Check the Firmware revision line. 


CLI: Switch-To-Switch Downloads 


You can download a switch software file between two switches that use the 
same code base and which are connected on your LAN. To do so, use a copy 
tftp command from the destination switch.The options for this CLI feature 
include: 


■	 
Copy from primary flash in the source to either primary or secondary in 
the destination. 


■	 
Copy from either primary or secondary flash in the source to either 
primary or secondary flash in the destination. 


Downloading from Primary Only. This command (executed in the destina­ 
tion switch) downloads the switch software from the source switch’s primary 
flash to either the primary or secondary flash in the destination switch. 


Syntax: 
copy tftp flash < ip-addr > flash [primary | secondary] 


If you do not specify either a primary or secondary flash location for the 
destination, the download automatically goes to primary flash. 
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For example, to download switch software from primary flash in a switch with 
an IP address of 10.28.227.103 to the primary flash in the destination switch, 
you would execute the following command in the destination switch’s CLI: 


Running Total 
of Bytes 
Downloaded 


Figure A-5.	 Switch-To-Switch, from Primary in Source to Either Flash in 
Destination 


Downloading from Either Flash in the Source Switch to Either Flash 
in the Destination Switch. This command (executed in the destination 
switch) gives you the most options for downloading between switches. 


Syntax: 
copy tftp flash < ip-addr > < /os/primary > | < /os/secondary > 
[primary | secondary] 


If you do not specify either a primary or secondary flash location for the 
destination, the download automatically goes to primary flash. 


For example, to download switch software from secondary flash in a switch 
with an IP address of 10.28.227.103 to the secondary flash in the destination 
switch, you would execute the following command in the destination switch’s 
CLI: 


Figure A-6.	 Switch-to-Switch, from Either Flash in Source to Either Flash in 
Destination 


Using the HP TopTools for Hubs & Switches Utility 


HP TopTools for Hubs & Switches includes a software update utility for 
updating on HP ProCurve switch products. For further information, refer to 
the HP TopTools for Hubs & Switches User Guide, provided electronically 
with the HP TopTools software. 


Not e	 
Although TopTools recognizes the Switch 2626 as an SNMP device, custom­ 
ized device management is not supported for the Switch 2626 in HP TopTools 
for hubs and switches. 
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Troubleshooting TFTP Downloads 


When using the menu interface, if a TFTP download fails, the Download OS 
screen indicates the failure. 


Message Indicating 
cause of TFTP Download 
Failure 


Figure A-7. Example of Message for Download Failure 


To find more information on the cause of a download failure, examine the 
messages in the switch’s Event Log by executing this CLI command: 


HPswitch# show log tftp
 


(For more on the Event Log, see “Using Logging To Identify Problem Sources” 
on page C-21.) 


Some of the causes of download failures include: 


■	 
Incorrect or unreachable address specified for the TFTP Server parameter. 
This may include network problems. 


■ 
Incorrect VLAN. 


■	 
Incorrect name specified for the Remote File Name parameter, or the 
specified file cannot be found on the TFTP server. This can also occur if 
the TFTP server is a Unix machine and the case (upper or lower) for the 
filename on the server does not match the case for the filename entered 
for the Remote File Name parameter in the Download OS screen. 


■ 
One or more of the switch’s IP configuration parameters are incorrect. 
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■	 
For a Unix TFTP server, the file permissions for the switch software file 
do not allow the file to be copied. 


■	 
Another console session (through either a direct connection to a terminal 
device or through Telnet) was already running when you started the 
session in which the download was attempted. 


Not e	 
If an error occurs in which normal switch operation cannot be restored, the 
switch automatically reboots itself. In this case, an appropriate message is 
displayed after the switch reboots. 


Transferring Switch Configurations 


Transfer Features 


Feature 
Default 
Menu 
CLI 
Web 


use TFTP to copy from a remote 
host to a config file 


use TFTP to copy a config file to a 
remote host 


use Xmodem to copy a 
configuration from a serially 
connected host to a config file 


Use Xmodem to copy a config file 
to a serially connected host 


n/a 
— 
below 
— 


n/a 
— 
page A-14 
— 


n/a 
— 
page A-14 
— 


n/a 
— 
page A-15 
— 


Using the CLI commands described in this section, you can copy switch 
configurations to and from a switch. 


TFTP: Copying a Configuration from a Remote Host. 


Syntax: 
copy tftp < startup-config | running-config>< ip-address > < remote-file > 


This command copies a configuration from a remote host to the startup-config 
file in the switch. (Refer to Chapter 6, “Switch Memory and Configuration” for 
information on the startup-config file.) 


For example, to download a configuration file named sw4100 in the configs 
directory on drive "d" in a remote host having an IP address of 10.28.227.105: 


HPswitch# copy tftp startup-config 10.28.227.105 
d:\configs\sw4100
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TFTP: Copying a Configuration File to a Remote Host. 


Syntax: copy < startup-config | running-config > tftp < ip-addr > < remote-file > 


This command copies the switch’s startup configuration (startup-config file) 
to a remote TFTP host. 


For example, to upload the current startup configuration to a file named 
sw4100 in the configs directory on drive "d" in a remote host having an IP 
address of 10.28.227.105: 


HPswitch# copy startup-config tftp 10.28.227.105 
d:\configs\sw4100
 


Xmodem: Copying a Configuration File from the Switch to a Serially 
Connected PC or Unix Workstation. To use this method, the switch must 
be connected via the serial port to a PC or Unix workstation to which you 
want to copy the configuration file. You will need to: 


■ 
Determine a filename to use. 


■ 
Know the directory path you will use to store the the configuration file. 


Syntax: 
copy < startup-config | running-config > xmodem < pc | unix > 


For example, to copy a configuration file to a PC serially connected to the 
switch: 


1. 
Determine the file name and directory location on the PC. 


2. 
Execute the following command:
 


HPswitch# copy startup-config xmodem pc
 


3. 
After you see the following prompt, press [Enter].
 


Press ’Enter’ and start XMODEM on your host...
 


4. 
Execute the terminal emulator commands to begin the file transfer. 
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Xmodem: Copying a Configuration File from a Serially Connected PC 
or Unix Workstation. To use this method, the switch must be connected via 
the serial port to a PC or Unix workstation on whichis stored the configuration 
file you want to copy. To complete the copying, you will need to know the 
name of the file to copy and the drive and directory location of the file. 


Syntax: 
copy xmodem startup-config < pc | unix > 


For example, to copy a configuration file from a PC serially connected to the 
switch: 


1. 
Execute the following command: 


2. 
After you see the above prompt, press [Enter]. 


3. 
Execute the terminal emulator commands to begin the file transfer. 


4.	 
When the download finishes, you must reboot the switch to implement 
the newly dowloaded OS. To do so, use one of the following commands: 


boot system flash < primary | secondary > 


Reboots from the selected flash. 
-or- 


reload 


Reboots from the flash image currently in use. 


(For more on these commands, refer to “Rebooting the Switch” on page 
6-17.) 


A-15 


File Transfers 
Copying Diagnostic Data to a Remote Host, PC, or Unix Workstation 


Copying Diagnostic Data to a Remote 
Host, PC, or Unix Workstation 


You can use the CLI to copy the following types of switch data to a text file in 
a management device: 


■	 
Command Output: Sends the output of a switch CLI command as a file on 
the destination device. 


■	 
Event Log: Copies the switch’s Event Log into a file on the destination 
device. 


■	 
Crash Data: OS-specific data useful for determining the reason for a 
system crash. 


■	 
Crash Log: Processor-Specific operating data useful for determining the 
reason for a system crash. 


Copying Command Output to a Destination Device 


This command directs the displayed output of a CLI command to a file in a 
destination device. 


Syntax:
 
copy command-output <"cli-command"> tftp < ip-address > 
< filepath-filename > 


copy command-output < "cli-command" > xmodem 


For example, to use Xmodem to copy the output of show config to a serially 
connected PC: 


At this point, press 
[Enter] and start the 
Xmodem command 
sequence in your 
terminal emulator. 


Indicates the operation is finished. 


Figure A-8. 
Example of Sending Command Output to a File on an Attached PC 


Note that the command you specify must be enclosed in double-quote marks. 
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Copying Event Log Output to a Destination Device 


This command uses TFTP or Xmodem to copy the Event Log content to a PC 
or UNIX workstation on the network. 


Syntax: 
copy event-log tftp < ip-address > < filepath and filename > 


copy event-log xmodem 


For example, to copy the event log to a PC connected to the switch: 


At this point, press 
[Enter] and start the 
Xmodem command 
sequence in your 
terminal emulator. 


Figure A-9. 
Example of Sending Event Log Content to a File on an Attached PC 


Copying Crash Data Content to a Destination Device 


This command uses TFTP or Xmodem to copy the Crash Data content to a PC 
or UNIX workstation on the network. You can copy individual slot information 
or the master switch information. If you do not specify either, the command 
defaults to the master data. 


Syntax:
 
copy crash-data [< slot-id | master >] xmodem 
copy crash-data [< slot-id | master >] tftp < ip-address > < filename > 


where: 
slot-id = a - h, and retrieves the crash log or crash data from 
the processor on the module in the specified slot. 


master	 
Retrieves crash log or crash data from the switch’s 
chassis processor. 


For example, to copy the switch’s crash data to a file in a PC: 


At this point, press 
[Enter] and start the 
Xmodem command 
sequence in your 
terminal emulator. 


Figure A-10. Example of Copying Switch Crash Data Content to a PC 
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Copying Crash Log Data Content to a Destination Device 


This command uses TFTP or Xmodem to copy the Crash Log content to a PC 
or UNIX workstation on the network. You can copy individual slot information 
or the master switch information. If you do not specify either, the command 
defaults to the master data. 


Syntax: 
copy crash-log [< slot-id | master >] tftp < ip-address > 
< filepath and filename > 


copy crash-log [< slot-id | master >] xmodem 


where: 
slot-id = a - h, and retrieves the crash log or crash data from 
the processor on the module in the specified slot. 


master	 
Retrieves crash log or crash data from the switch’s 
chassis processor. 


For example, to copy the Crash Log for slot C to a file in a PC connected to 
the switch: 


At this point, press 
[Enter] and start the 
Xmodem command 
sequence in your 
terminal emulator. 


Figure A-11. Example of sending a Crash Log for Slot C to a File on an Attached PC 
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Overview 


The switch has several built-in tools for monitoring, analyzing, and trouble- 
shooting switch and network operation: 


■	 
Status: Includes options for displaying general switch information, man­ 
agement address data, port status, port and trunk group statistics, MAC 
addresses detected on each port or VLAN, and STP, IGMP, and VLAN data 
(page B-3). 


■	 
Counters: Display details of traffic volume on individual ports (page 
B-9). 


■	 
Event Log: Lists switch operating events (“Using Logging To Identify 
Problem Sources” on page C-21). 


■	 
Alert Log: Lists network occurrences detected by the switch—in the 
Status | Overview screen of the web browser interface (page 5-6). 


■	 
Configurable trap receivers: Uses SNMP to enable management sta­ 
tions on your network to receive SNMP traps from the switch (“SNMP 
Notification and Traps” on page 11-17). 


■	 
Port monitoring (mirroring): Copy all traffic from the specified ports 
to a designated monitoring port (page B-23). 


Not e	 
Link test and ping test—analysis tools in troubleshooting situations—are 
described in chapter 18, “Troubleshooting”. See page C-31. 
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Status and Counters Data 


This section describes the status and counters screens available through the 
switch console interface and/or the web browser interface. 


Not e	 
You can access all console screens from the web browser interface via Telnet 
to the console. Telnet access to the switch is available in the Device View 
window under the Configuration tab. 


Status or Counters Type 
Interface 
Purpose 
Page 


Menu Access to Status and Menu 
Counters 


General System Information Menu, CLI 


Management Address 
Information 


Module Information 


Port Status 


Port and Trunk Statistics 
and Flow Control Status 


VLAN Address Table 


Port Address Table 


STP Information 


IGMP Status 


VLAN Information 


Port Status Overview and 
Port Counters 


Menu, CLI 


Menu, CLI 


Menu, CLI, 
Web 


Menu, CLI, 
Web 


Menu, CLI 


Menu, CLI 


Menu, CLI 


Menu, CLI 


Menu, CLI 


Web 


Access menu interface for status and counter data. 
B-4 


Lists switch-level operating information. 
B-5 


Lists the MAC address, IP address, and IPX network number for 
B-6 


each VLAN or, if no VLANs are configured, for the switch. 


Lists the module type and description for each slot in which a 
B-7 


module is installed. 


Displays the operational status of each port. 
B-8 


Summarizes port activity and lists per-port flow control status. 
B-9 


Lists the MAC addresses of nodes the switch has detected on 
B-12 


specific VLANs, with the corresponding switch port. 


Lists the MAC addresses that the switch has learned from the 
B-12 


selected port. 


Lists Spanning Tree Protocol data for the switch and for individual 
B-17 


ports. If VLANs are configured, reports on a per-VLAN basis. 


Lists IGMP groups, reports, queries, and port on which querier is 
B-19 


located. 


For each VLAN configured in the switch, lists 802.1Q VLAN ID and 
B-20 


up/down status. 


Shows port utilization and counters, and the Alert Log. 
B-22 
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Menu Access To Status and Counters 


Beginning at the Main Menu, display the Status and Counters menu by select­ 
ing: 


1. Status and Counters 


Figure B-1. The Status and Counters Menu 


Each of the above menu items accesses the read-only screens described on 
the following pages. Refer to the online help for a description of the entries 
displayed in these screens. 
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General System Information 


Menu Access
 


From the console Main Menu, select:
 


1. Status and Counters 


1. General System Information 


Figure B-2. Example of General Switch Information 


This screen dynamically indicates how individual switch resources are being 
used. See the online Help for details. 


CLI Access
 


Syntax: 
show system-information
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Switch Management Address Information 


Menu Access
 


From the Main Menu, select:
 


1 Status and Counters . . . 


2. Switch Management Address Information 


Figure B-3. Example of Management Address Information with VLANs Configured 


This screen displays addresses that are important for management of the 
switch. If multiple VLANs are not configured, this screen displays a single IP 
address for the entire switch. See the online Help for details. 


CLI Access
 


Syntax: 
show management
 


B-6 


Monitoring and Analyzing Switch Operation 


Status and Counters Data 


Module Information 


Use this feature to determine which slots have modules installed and which 
type(s) of modules are installed. 


Menu: Displaying Port Status 


From the Main Menu, select: 


1. Status and Counters . . . 


3. Module Information 


Figure B-4. Example of Module Information in the Menu Interface 


CLI Access
 


Syntax: 
show module
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Port Status 


The web browser interface and the console interface show the same port 
status data. 


Menu: Displaying Port Status 


From the Main Menu, select: 


1. Status and Counters . . . 


4. Port Status 


Figure B-5. Example of Port Status on the Menu Interface 


CLI Access
 


Syntax: 
show interfaces brief
 


Web Access 


1. 
Click on the Status tab. 


2. 
Click on Port Status. 
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Viewing Port and Trunk Group Statistics and Flow 
Control Status 


Feature 
Default 
Menu 
CLI 
Web 


viewing port and trunk statistics for all 
n/a 
page B-10 
page B-11 
page B-11 


ports, and flow control status 


viewing a detailed summary for a 
particular port or trunk 


n/a 
page B-10 
page B-11 
page B-11 


resetting counters 
n/a 
page B-10 
page B-11 
page B-11 


These features enable you to determine the traffic patterns for each port since 
the last reboot or reset of the switch. You can display: 


■	 
A general report of traffic on all LAN ports and trunk groups in the switch, 
along with the per-port flow control status (On or Off). 


■ 
A detailed summary of traffic on a selected port or trunk group. 


You can also reset the counters for a specific port. 


The menu interface and the web browser interface provide a dynamic display 
of counters summarizing the traffic on each port. The CLI lets you see a static 
“snapshot” of port or trunk group statistics at a particular moment. 


As mentioned above, rebooting or resetting the switch resets the counters to 
zero. You can also reset the counters to zero for the current session. This is 
useful for troubleshooting. See the “Note On Reset”, below. 


N o t e o n R e s e t 
The Reset action resets the counter display to zero for the current session, 
but does not affect the cumulative values in the actual hardware counters. (In 
compliance with the SNMP standard, the values in the hardware counters are 
not reset to zero unless you reboot the switch.) Thus, using the Reset action 
resets the displayed counters to zero for the current session only. Exiting from 
the console session and starting a new session restores the counter displays 
to the accumulated values in the hardware counters. 
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Menu Access to Port and Trunk Statistics 


To access this screen from the Main Menu, select: 


1. Status and Counters . . . 


4. Port Counters 


Figure B-6. Example of Port Counters on the Menu Interface 


To view details about the traffic on a particular port, use the [v] key to highlight 
that port number, then select Show Details. For example, selecting port A2 
displays a screen similar to figure B-7, below. 


Figure B-7. Example of the Display for Show details on a Selected Port 


This screen also includes the Reset action for the current session. (See the 
“Note on Reset” on page B-9.) 
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CLI Access To Port and Trunk Group Statistics 


To Display the Port Counter Summary Report. This command provides 
an overview of port activity for all ports on the switch. 


Syntax: 
show interfaces 


To Display a Detailed Traffic Summary for Specific Ports. This com­ 
mand provides traffic details for the port(s) you specify. 


Syntax: 
show interfaces [ethernet] < port-list > 


To Reset the Port Counters for a Specific Port. This command resets 
the counters for the specified ports to zero for the current session. (See the 
“Note on Reset” on page B-9.) 


Syntax: 
clear statistics < [ethernet] port-list > 


Web Browser Access To View Port and Trunk Group Statistics 


1. 
Click on the Status tab. 


2. 
Click on Port Counters. 


3.	 
To reset the counters for a specific port, click anywhere in the row for 
that port, then click on Refresh. 
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Viewing the Switch’s MAC Address Tables 


Feature 
Default 
Menu 
CLI 
Web 


viewing MAC addresses on all 
ports on a specific VLAN 


n/a 
page B-13 
page B-15 
— 


viewing MAC addresses on a 
specific port 


n/a 
page B-14 
page B-15 
— 


searching for a MAC address 
n/a 
page B-14 
page B-16 
— 


These features help you to view: 


■	 
The MAC addresses that the switch has learned from network devices 
attached to the switch 


■ 
The port on which each MAC address was learned 
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Menu Access to the MAC Address Views and Searches 


Per-VLAN MAC-Address Viewing and Searching. This feature lets you 
determine which switch port on a selected VLAN is being used to communi­ 
cate with a specific device on the network. The per-VLAN listing includes: 


■	 
The MAC addresses that the switch has learned from network devices 
attached to the switch 


■ 
The port on which each MAC address was learned 


1. 
From the Main Menu, select: 


1. Status and Counters 


5. VLAN Address Table 


2. 
The switch then prompts you to select a VLAN. 


3.	 
Use the Space bar to select the VLAN you want, then press [Enter]. The 
switch then displays the MAC address table for that VLAN: 


Figure B-8. Example of the Address Table 


To page through the listing, use Next page and Prev page. 
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Finding the Port Connection for a Specific Device on a VLAN. This 
feature uses a device’s MAC address that you enter to identify the port used 
by that device. 


1.	 
Proceeding from figure B-8, press [S] (for Search), to display the following 
prompt: 


Enter MAC address: _
 


2.	 
Type the MAC address you want to locate and press [Enter]. The address 
and port number are highlighted if found. If the switch does not find the 
MAC address on the currently selected VLAN, it leaves the MAC address 
listing empty. 


Located MAC 
Address and 
Corresponding 
Port Number 


Figure B-9. Example of Menu Indicating Located MAC Address 


3. 
Press [P] (for Prev page) to return to the full address table listing. 


Port-Level MAC Address Viewing and Searching. This feature displays 
and searches for MAC addresses on the specified port instead of for all ports 
on the switch. 


1. 
From the Main Menu, select: 


1. Status and Counters 


7. Port Address Table 
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Prompt for Selecting 
the Port To Search 


Figure B-10. Listing MAC Addresses for a Specific Port 


2.	 
Use the Space bar to select the port you want to list or search for MAC 
addresses, then press [Enter] to list the MAC addresses detected on that 
port. 


Determining Whether a Specific Device Is Connected to the Selected 
Port. Proceeding from step 2, above: 


1.	 
Press [S] (for Search), to display the following prompt: 


Enter MAC address: _ 


2.	 
Type the MAC address you want to locate and press [Enter]. The address is 
highlighted if found. If the switch does not find the address, it leaves the 
MAC address listing empty. 


3. 
Press [P] (for Prev page) to return to the previous per-port listing. 


CLI Access for MAC Address Views and Searches 


Syntax: 
show mac-address 
[vlan < vlan-id >] 
[ethernet]< port-list >] 
[< mac-addr >] 


To List All Learned MAC Addresses on the Switch, with The Port 
Number on Which Each MAC Address Was Learned. 


HPswitch> show mac-address
 


To List All Learned MAC Addresses on one or more ports, with Their 
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Corresponding Port Numbers. 
For example, to list the learned MAC 
address on ports A1 through A4 and port A6: 


HPswitch> show mac-address a1-a4,a6
 


To List All Learned MAC Addresses on a VLAN, with Their Port 
Numbers. This command lists the MAC addresses associated with the ports 
for a given VLAN. For example: 


HPswitch> show mac-address vlan 100
 


Not e	 
The switch operates with a multiple forwarding database architecture. For 
more on this topic, refer to “Duplicate MAC Addresses Across VLANs” on page 
C-19 


To Find the Port On Which the Switch Learned a Specific MAC 
Address. For example, to find the port on which the switch learns a MAC 
address of 080009-21ae84: 


Figure B-11. List the Port on which the Switch Deleted a MAC Address 
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Spanning Tree Protocol (STP) Information 


Menu Access to STP Data 


From the Main Menu, select: 


1. Status and Counters . . . 


8. Spanning Tree Information 


STP must be enabled on the switch to display the following data: 


Figure B-12. Example of Spanning Tree Information 


Use this screen to determine current switch-level STP parameter settings and 
statistics. 


You can use the Show ports action at the bottom of the screen to display port- 
level information and parameter settings for each port in the switch (including 
port type, cost, priority, operating state, and designated bridge) as shown in 
figure B-13. 
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Figure B-13. Example of STP Port Information 


CLI Access to STP Data 


This option lists the STP configuration, root data, and per-port data (cost, 
priority, state, and designated bridge). 


Syntax: 
show spanning-tree 


HPswitch> show spanning-tree
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Internet Group Management Protocol (IGMP) Status 


The switch uses the CLI to display the following IGMP status on a per-VLAN 
basis: 


Show Command 
Output 


show ip igmp	 
Global command listing IGMP status for all VLANs configured 
in the switch: 
• VLAN ID (VID) and name 
• Active group addresses per VLAN 
• Number of report and query packets per group 
• Querier access port per VLAN 


show ip igmp <vlan-id>	 
Per-VLAN command listing above IGMP status for specified 
VLAN (VID) 


show ip igmp group <ip-addr>	 Lists the ports currently participating in the specified group, 
with port type, Access type, Age Timer data and Leave Timer 
data. 


For example, suppose that show ip igmp listed an IGMP group address of 
224.0.1.22. You could get additional data on that group by executing the 
following: 


Figure B-14. Example of IGMP Group Data 
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VLAN Information 


The switch uses the CLI to display the following VLAN status: 


Syntax: 


Syntax: 


show vlan 


Lists:­ 
• Maximum number of VLANs to support­ 
• Existing VLANs­ 
• Status (static or dynamic)­ 
• Primary VLAN­ 


show vlan < vlan-id > 


For the specified VLAN, lists: 
• Name, VID, and status (static/dynamic) 
•	 Per-Port mode (tagged, untagged, forbid, no/ 
auto) 


• “Unknown VLAN” setting (Learn, Block, Disable) 
• Port status (up/down) 


For example, suppose that your switch has the following VLANs: 


Ports 
VLAN 
VID 


1 - 12 
DEFAULT_VLAN 
1 


1, 2 
VLAN-33 
33 


3, 4 
VLAN-44 
44 


The next three figures show how you could list data on the above VLANs. 
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Listing the VLAN ID (VID) and Status for ALL VLANs in the Switch. 


Figure B-15. Example of VLAN Listing for the Entire Switch 


Listing the VLAN ID (VID) and Status for Specific Ports. 


Because ports A1 
and A2 are not 
members of VLAN- 
44, it does not appear 
in this listing. 


Figure B-16. Example of VLAN Listing for Specific Ports 


Listing Individual VLAN Status. 


Figure B-17. Example of Port Listing for an Individual VLAN 
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Web Browser Interface Status Information 


The “home” screen for the web browser interface is the Status Overview 
screen, as shown below. As the title implies, it provides an overview of the 
status of the switch, including summary graphs indicating the network utili­ 
zation on each of the switch ports, symbolic port status indicators, and the 
Alert Log, which informs you of any problems that may have occurred on the 
switch. 


For more information on this screen, see chapter 5, ‘Using the HP Web 
Browser Interface’. 


Port 
Utilization 
Graphs 


Port Status 
Indicators 


Alert Log 


Figure B-18.Example of a Web Browser Interface Status Overview Screen€ 
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Port and Static Trunk Monitoring 
Features 


Port Monitoring Features 


Feature 
Default 
Menu 
CLI 
Web 


display monitoring 
configuration 


disabled 
page B-24 page B-26 page B-28 


configure the monitor port(s) ports: none 
page B-24 page B-26 page B-28 


selecting or removing ports none selected 
page B-24 page B-27 page B-28 


You can designate a port for monitoring incoming traffic of other ports and of 
static trunks on the switch. The switch monitors the network activity by 
copying all traffic inbound on the specified interfaces to the designated 
monitoring port, to which a network analyzer can be attached. 


Not e 
Port trunks cannot be used as a monitoring port. 


It is possible, when monitoring multiple interfaces in networks with high 
traffic levels, to copy more traffic to a monitor port than the link can support. 
In this case, some packets may not be copied to the monitor port. 
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Menu: Configuring Port and Static Trunk Monitoring 


This procedure describes configuring the switch for monitoring when moni­ 
toring is disabled. (If monitoring has already been enabled, the screens will 
appear differently than shown in this procedure.) 


1. 
From the Console Main Menu, Select: 


2. Switch Configuration... 


3. Network Monitoring Port 


Enable monitoring 
by setting this 
parameter to “Yes”. 


Figure B-19. The Default Network Monitoring Configuration Screen 


2. 
In the Actions menu, press [E] (for Edit). 


3.
 
If monitoring is currently disabled (the default) then enable it by pressing 
the Space bar (or [Y]) to select Yes. 


4. 
Press the downarrow key to display a screen similar to the following and 
move the cursor to the Monitoring Port parameter. 
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Move the cursor to the Monitoring Port parameter. 


Inbound Port and Trunk Monitoring (Only). 


Figure B-20. How To Select a Monitoring Port 


5. 
Use the Space bar to select the port to use for monitoring. 


6.
 
Use the downarrow key to move the cursor to the Action column for the 
individual ports and position the cursor at a port you want to monitor. 


7.
 
Press the Space bar to select Monitor for each port and trunk that you want 
monitored. (Use the downarrow key to move from one interface to the 
next in the Action column.) 


8.
 
When you finish selecting ports to monitor, press [Enter], then press [S] (for 
Save) to save your changes and exit from the screen. 


9. 
Return to the Main Menu. 
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CLI: Configuring Port and Static Trunk Monitoring 


Port and Static Trunk Monitoring Commands Used in This Section 


show monitor 
below 
mirror-port 
page B-26 


monitor 
page B-27 


You must use the following configuration sequence to configure port and static 
trunk monitoring in the CLI: 


1. 
Assign a monitoring (mirror) port. 


2. 
Designate the port(s) and static trunk(s) to monitor. 


Displaying the Monitoring Configuration. This command lists the port 
assigned to receive monitored traffic and the ports and/or trunks being 
monitored. 


Syntax: 
show monitor 


For example, if you assign port A6 as the monitoring port and configure the 
switch to monitor ports A1 - A3, show monitor displays the following: 


Port receiving monitored traffic. 


Monitored Ports 


Figure B-21. Example of Monitored Port Listing 


Configuring the Monitor Port. This command assigns or removes a mon­ 
itoring port, and must be executed from the global configuration level. Remov­ 
ing the monitor port disables port monitoring and resets the monitoring 
parameters to their factory-default settings. 


Syntax: 
[no] mirror-port [< port-num >] 


For example, to assign port A6 as the monitoring port: 


HPswitch(config)# mirror-port a6
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To turn off monitoring: 


HPswitch(config)# no mirror-port
 


Selecting or Removing Ports and Static Trunks As Monitoring 
Sources. After you configure a monitor port you can use either the global 
configuration level or the interface context level to select ports and static 
trunks as monitoring sources. You can also use either level to remove moni­ 
toring sources. 


Syntax: 
[no] interface ethernet < monitor-list > 


where: < monitor-list > includes port numbers and static trunk names such 
as a4, c7, b5-b8, and trk1. 


Elements in the monitor list can include port numbers and static trunk names 
at the same time. 


For example, witha port such as port A6 configured as the monitoring (mirror) 
port, you would use either of the following commands to select these ports 
and static trunks for monitoring: 


• 
A1 through A3, and A5 


• 
Trunks 1 and 2 


From the global 
config level, 
selects ports 
and trunks for 
monitoring 
sources. 
Selects the interface context level, then 
selects the ports as monitoring sources. 


Figure B-22. Examples of Selecting Ports and Static Trunks as Monitoring Sources 


These two commands 
show how to disable 
monitoring at the 
interface context level for 
a single port or all ports in 
an interface context level. 


These two commands show how to disable monitoring at 
the global config level for a single port or a group of ports . 


Figure B-23. Examples of Removing Ports as Monitoring Sources 
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Web: Configuring Port Monitoring 


To enable port monitoring: 


1. 
Click on the Configuration tab. 


2. 
Click on Monitor Port. 


3. 
To monitor one or more ports. 


a. 
Click on the radio button for Monitor Selected Ports. 


b. Select the port(s) to monitor. 


4. 
Click on Apply Changes. 


To remove port monitoring: 


1. 
Click on the Monitoring Off radio button. 


2. 
Click on Apply Changes. 


For web-based Help on how to use the web browser interface screen, click on 
the [?] button provided on the web browser screen. 
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Overview 


This chapter addresses performance-related network problems that can be 
caused by topology, switch configuration, and the effects of other devices or 
their configurations on switch operation. (For switch-specific information on 
hardware problems indicated by LED behavior, cabling requirements, and 
other potential hardware-related problems, refer to the installation guide you 
received with the switch.) 


Not e	 
HP periodically places switch software updates on the HP ProCurve web site. 
HP recommends that you check this web site for software updates that may 
have fixed a problem you are experiencing. 


For information on support and warranty provisions, see the Support and 
Warranty booklet shipped with the switch. 


Troubleshooting Approaches 


Use these approaches to diagnose switch problems: 


■	 
Check the HP ProCurve web site – the web site may have software 
updates or other information to help solve your problem: 


http://www.hp.com/go/hpprocurve 


■	 
Check the switch LEDs – The LEDs on the switch are a fundamental 
diagnostic tool. They provide indications of proper switch operation and 
of any hardware faults that may have occurred: 


•
 
Each switch port has a Link LED that should light whenever an active 
network device is connected to the port. 


•
 
Problems with the switch hardware and software are indicated by 
flashing the Fault and other switch LEDs. 


See the Installation Guide shipped with the switch for a description 
of the LED behavior and information on using the LEDs for trouble- 
shooting. 


■	 
Check the network topology/installation – See the Installation Guide 
shipped with the switch for topology information. 
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Troubleshooting Approaches 


■	 
Check the network cables – Cabling problems are a frequent cause of 
network faults. Check the cables for damage, correct type, and proper 
connections. You should also use a cable tester to check your cables for 
compliance to the relevant IEEE 802.3 specification. See the Installation 
Guide shipped with the switch for correct cable types and connector pin- 
outs. 


■ 
Use the software tools: 


•
 
Web Browser Interface – Use the Port Utilization Graph and Alert 
Log in the web browser interface included in the switch to help isolate 
problems. See Chapter 5, “Using the HP Web Browser Interface” for 
operating information. These tools are available through the web 
browser interface: 
– 
Port Utilization Graph 


– 
Alert 
Log 


– 
Port Status and Port Counters screens 


– 
Diagnostic tools (Link test, Ping test, configuration file browser) 


•
 
Switch Console – For help in isolating problems, use the easy-to- 
access switch console built into the switch or Telnet to the switch 
console. See chapter 2, “Using the Menu Interface” and chapter 3, 
“Using the Command Line Interface (CLI)” for console operation 
information. These tools are available through the switch console: 
– 
Status and Counters screens 


– 
Event Log 


–
 
Diagnostics tools (Link test, Ping test, configuration file browser, 
and advanced user commands) 


•
 
HP TopTools for Hubs & Switches – Use HP TopTools for Hubs & 
Switches (if installed on your network) to help isolate problems and 
recommend solutions. HP TopTools is shipped at no extra cost with 
your switch. 


Not e	 
Although TopTools recognizes the Switch 2626 as an SNMP device, custom­ 
ized device management is not supported for the Switch 2626 in HP TopTools 
for hubs and switches. 
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Browser or Telnet Access Problems 


Cannot access the web browser interface: 


■	 
Access may be disabled by the Web Agent Enabled parameter in the switch 
console. Check the setting on this parameter by selecting: 


2. Switch Configuration . . . 


1. System Information 


■	 
The switch may not have the correct IP address, subnet mask or gateway. 
Verify by connecting a console to the switch’s Console port and selecting: 


2. Switch Configuration . . . 


5. IP Configuration 


Note: If DHCP/Bootp is used to configure the switch, the IP addressing 
can be verified by selecting: 


1. Status and Counters . . . 


2. Switch Management Address Information 


also check the DHCP/Bootp server configuration to verify correct IP 
addressing. 


■	 
If you are using DHCP to acquire the IP address for the switch, the IP 
address “lease time” may have expired so that the IP address has changed. 
For more information on how to “reserve” an IP address, refer to the 
documentation for the DHCP application that you are using. 


■	 
If one or more IP-Authorized managers are configured, the switch allows 
web browser access only to a device having an authorized IP address. For 
more information on IP Authorized managers, see the Access Security 
Guide for your switch. 


■	 
Java™ applets may not be running on the web browser. They are required 
for the switch web browser interface to operate correctly. See the online 
Help on your web browser for how to run the Java applets. 
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Cannot Telnet into the switch console from a station on the network: 


■	 
Telnet access may be disabled by the Inbound Telnet Enabled parameter in 
the System Information screen of the menu interface: 


2. Switch Configuration 


1. System Information 


■	 
The switch may not have the correct IP address, subnet mask, or gateway. 
Verify by connecting a console to the switch’s Console port and selecting: 


2. Switch Configuration 


5. IP Configuration 


Note: If DHCP/Bootp is used to configure the switch, see the Note, above. 


■	 
If you are using DHCP to acquire the IP address for the switch, the IP 
address “lease time” may have expired so that the IP address has changed. 
For more information on how to “reserve” an IP address, refer to the 
documentation for the DHCP application that you are using. 


■	 
If one or more IP-Authorized managers are configured, the switch allows 
inbound telnet access only to a device having an authorized IP address. 
For more information on IP Authorized managers, see the Access Security 
Guide for your switch. 
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Unusual Network Activity 


Network activity that fails to meet accepted norms may indicate a hardware 
problem with one or more of the network components, possibly including the 
switch. Such problems can also be caused by a network loop or simply too 
much traffic for the network as it is currently designed and implemented. 
Unusual network activity is usually indicated by the LEDs on the front of the 
switch or measured with the switch console interface or with a network 
management tool such as the HP TopTools for Hubs & Switches. Refer to the 
Installation Guide you received with the switch for information on using 
LEDs to identify unusual network activity. 


A topology loop can also cause excessive network activity. The event log “FFI” 
messages can be indicative of this type of problem. 


General Problems 


The network runs slow; processes fail; users cannot access servers or 
other devices. Broadcast storms may be occurring in the network. These 
may be due to redundant links between nodes. 


•
 
If you are configuring a port trunk, finish configuring the ports in the 
trunk before connecting the related cables. Otherwise you may inad­ 
vertently create a number of redundant links (i.e. topology loops) that 
will cause broadcast storms. 


•
 
Turn on Spanning Tree Protocol to block redundant links (i.e. topol­ 
ogy loops) 


• 
Check for FFI messages in the Event Log. 


Duplicate IP Addresses. This is indicated by this Event Log message: 


ip: Invalid ARP source: IP address on IP address 


where: both instances of IP address are the same address, indicating the 
switch’s IP address has been duplicated somewhere on the network. 


Duplicate IP Addresses in a DHCP Network. If you use a DHCP server 
to assign IP addresses in your network and you find a device with a valid IP 
address that does not appear to communicate properlywith the server orother 
devices, a duplicate IP address may have been issued by the server. This can 
occur if a client has not released a DHCP-assigned IP address after the 
intended expiration time and the server“leases” the address to another device. 
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This can also happen, for example, if the server is first configured to issue IP 
addresses with an unlimited duration, then is subsequently configured to issue 
IP addresses that will expire after a limited duration. One solution is to 
configure “reservations” in the DHCP server for specific IP addresses to be 
assigned to devices having specific MAC addresses. For more information, 
refer to the documentation for the DHCP server. 


One indication of a duplicate IP address in a DHCP network is this Event Log 
message: 


ip: Invalid ARP source: IP address on IP address 


where: both instances of IP address are the same address, indicating the 
IP address that has been duplicated somewhere on the network. 


The Switch Has Been Configured for DHCP/Bootp Operation, But Has 
Not Received a DHCP or Bootp Reply. When the switch is first config­ 
ured for DHCP/Bootp operation, or if it is rebooted with this configuration, it 
immediatelybegins sending request packets on the network. If the switch does 
not receive a reply to its DHCP/Bootp requests, it continues to periodically 
send request packets, but with decreasing frequency. Thus, if a DHCP or Bootp 
server is not available or accessible to the switch when DHCP/Bootp is first 
configured, the switch may not immediately receive the desired configuration. 
After verifying that the server has become accessible to the switch, reboot the 
switch to re-start the process. 


Prioritization Problems 


Ports configured for non-default prioritization (level 1 - 7) are not 
performing the specified action. If the ports were placed in a trunk group 
after being configured for non-default prioritization, the priority setting was 
automatically reset to zero (the default). Ports in a trunk group operate only 
at the default priority setting. 


CDP Problems 


The switch does not appear in the CDP Neighbors table of an adjacent 
CDP Device. This may be due to any of the following: 


■	 
Either the port connecting the switch to the adjacent device is not a 
member of an untagged VLAN or any Untagged VLAN to which the 
port belongs does not have an IP address. 
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■	 
If there is more than one physical path between the switch and the 
other CDP device and STP is running on the switch, then STP will 
block the redundant link(s). In this case, the switch port on the 
remaining open link may not be a member of an untagged VLAN, or 
any untagged VLANs to which the port belongs may not have an IP 
address. 


■	 
The adjacent device’s CDP Neighbors table may be full. Refer to the 
documentation provided for the adjacent CDP device to determine 
the table’s capacity, and then view the device’s Neighbors table to 
determine whether it is full. 


One or more CDP neighbors appear intermittently or not at all in the 
switch’s CDP Neighbors table. This may be caused by more than 60 neigh- 
boring devices sending CDP packets to the switch. Exceeding the 60-neighbor 
limit can occur, for example, where multiple neighbors are connected to the 
switch through non-CDP devices such as many hubs. 


The Same CDP Switch or Router Appears on More Than One Port in 
the CDP Neighbors Table. Where CDP is running, a switch or router that is 
the STP root transmits outbound CDP packets over all links, including redun­ 
dant links that STP may be blocking in non-root devices. In this case, the non- 
root device shows an entry in its CDP Neighbors table for every port on which 
it receives a CDP packet from the root device. See “Effect of Spanning Tree 
(STP) On CDP Packet Transmission” on page 11-35. 


IGMP-Related Problems 


IP Multicast (IGMP) Traffic That Is Directed By IGMP Does Not Reach 
IGMP Hosts or a Multicast Router Connected to a Port. IGMP must 
be enabled on the switch and the affected port must be configured for “Auto” 
or “Forward” operation. 


IP Multicast Traffic Floods Out All Ports; IGMP Does Not Appear To 
Filter Traffic. The IGMP feature does not operate if the switch orVLAN does 
not have an IP address configured manually or obtained through DHCP/Bootp. 
To verify whether an IP address is configured for the switch or VLAN, do either 
of the following: 


■	 
Try Using the Web Browser Interface: If you can access the web 
browser interface, then an IP address is configured. 


■ 
Try To Telnet to the Switch Console: If you can Telnet to the switch, 
then an IP address is configured. 
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■	 
Using the Switch Console Interface: From the Main Menu, check the 
Management Address Information screen by clicking on 


1. Status and Counters 


2. Switch Management Address Information 


LACP-Related Problems 


Unable to enable LACP on a port with the interface [e] < port-number > lacp 
command. In this case, the switch displays the following message: 


Operation is not allowed for a trunked port.
 


You cannot enable LACP on a port while it is configured as static Trunk or FEC­ 
trunked port. To enable LACP on static-trunked port, first use the 
no trunk [e] < port-number > command to disable the static trunk assignment, 
then execute interface [e] < port-number > lacp.	 


C a u t i o n 
Removing a port from a trunk without first disabling the port can create a 
traffic loop that can slow down or halt your network. Before removing a port 
from a trunk, HP recommends that you either disable the port or disconnect 
it from the LAN. 


Port-Based Access Control (802.1X)-Related Problems 


Note	 
To list the 802.1X port-access Event Log messages stored on the switch, use 
show log 802. 


See also “Radius-Related Problems” on page C-12. 


The switch does not receive a response to RADIUS authentication 
requests. In this case, the switch will attempt authentication using the 
secondary method configured for the type of access you are using (console, 
Telnet, or SSH). 


There can be several reasons for not receiving a response to an authentication 
request. Do the following: 


■	 
Use ping to ensure that the switch has access to the configured RADIUS 
servers. 


■	 
Verify that the switch is using the correct encryption key (RADIUS secret 
key) for each server. 


■ 
Verify that the switch has the correct IP address for each RADIUS server. 
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■	 
Ensure that the radius-server timeout period is long enough for network 
conditions. 


The switch does not authenticate a client even though the RADIUS 
server is properly configured and providing a response to the 
authentication request. If the RADIUS server configuration for authenti­ 
cating the client includes a VLAN assignment, ensure that the VLAN exists as 
a static VLAN on the switch. See “How 802.1X Authentication Affects VLAN 
Operation” in the Access Security Guide for your switch. 


During RADIUS-authenticated client sessions, access to a VLAN on the 
port used for the client sessions is lost. If the affected VLAN is config­ 
uredas untagged on the port,it may be temporarily blocked onthat port during 
an 802.1X session. This is because the switch has temporarily assigned another 
VLAN as untagged on the port to support the client access, as specified in the 
response from the RADIUS server. See “How 802.1X Authentication Affects 
VLAN Operation” in the Access Security Guide for your switch. 


The switch appears to be properly configured as a supplicant, but 
cannot gain access to the intended authenticator port on the switch 
to which it is connected. If aaa authentication port-access is configured for 
Local, ensure that you have entered the local login (operator-level) username 
and password of the authenticator switch into the identity and secret parame­ 
ters of the supplicant configuration. If instead, you enter the enable (manager- 
level) username and password, access will be denied. 


The supplicant statistics listing shows multiple ports with the same 
authenticator MAC address. The link to the authenticator may have been 
moved from one port to another without the supplicant statistics having been 
cleared from the first port. Refer to the “Note on Supplicant Statistics” in the 
Access Security Guide for your switch. 


The show port-access authenticator < port-list > command shows one or more 
ports remain open after they have been configured with control 
unauthorized. 802.1X is not active on the switch. After you execute aaa port- 
access authenticator active, all ports configured with control unauthorized 
should be listed as Closed. 
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Port A9 shows an “Open” status even 
though Access Control is set to 
Unauthorized (Force Auth). This is 
because the port-access 
authenticator has not yet been 
activated. 


Figure C-1. Example of a Port Remaining Open After Being Configured with “Control Unauthorized” 


RADIUS server fails to respond to a request for service, even though 
the server’s IP address is correctly configured in the switch. Use 
show radius to verify that the encryption key (RADIUS secret key) the switch 
is using is correct for the server being contacted. If the switch has only a global 
key configured, then it either must match the server key or you must configure 
a server-specific key. If the switch already has a server-specific key assigned 
to the server’s IP address, then it overrides the global key and must match the 
server key. 


Global RADIUS Encryption Key 


Unique RADIUS Encryption Key for 
the RADIUS server at 10.33.18.119 


Figure C-2.	 Example of How To List the Global and Server-Specific Radius 
Encryption Keys 
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Also, ensure that the switch port used to access the RADIUS server is not 
blocked by an 802.1X configuration on that port. For example, show port- 
access authenticator < port-list > gives you the status for the specified ports. 
Also, ensure that other factors, such as port security or any 802.1X configura­ 
tion on the RADIUS server are not blocking the link. 


The authorized MAC address on a port that is configured for both 
802.1X and port security either changes or is re-acquired after 
execution of aaa port-access authenticator < port-list > initialize. If the port is 
force-authorized withaaa port-access authenticator<port-list> control authorized 
command and port security is enabled on the port, then executing initialize 
causes the port to clear the learned address and learn a new address from the 
first packet it receives after you execute initialize. 


A trunked port configured for 802.1X is blocked. If you are using 
RADIUS authentication and the RADIUS server specifies a VLAN for the port, 
the switch allows authentication, but blocks the port. To eliminate this prob­ 
lem, either remove the port from the trunk or reconfigure the RADIUS server 
to avoid specifying a VLAN. 


Radius-Related Problems 


The switch does not receive a response to RADIUS authentication 
requests. In this case, the switch will attempt authentication using the 
secondary method configured for the type of access you are using (console, 
Telnet, or SSH). 


There can be several reasons for not receiving a response to an authentication 
request. Do the following: 


■	 
Use ping to ensure that the switch has access to the configured RADIUS 
server. 


■	 
Verify that the switch is using the correct encryption key for the desig­ 
nated server. 


■ 
Verify that the switch has the correct IP address for the RADIUS server. 


■	 
Ensure that the radius-server timeout period is long enough for network 
conditions. 


■ 
Verify that the switch is using the same UDP port number as the server. 


RADIUS server fails to respond to a request for service, even though 
the server’s IP address is correctly configured in the switch. Use 
show radius to verify that the encryption key the switch is using is correct for 
the server being contacted. If the switch has only a global key configured, then 
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it either must match the server key or you must configure a server-specific 
key. If the switch already has a server-specific key assigned to the server’s IP 
address, then it overrides the global key and must match the server key. 


Global RADIUS Encryption Key 


Unique RADIUS Encryption Key 
for the RADIUS server at 
10.33.18.119 


Figure C-3. Examples of Global and Unique Encryption Keys 


Spanning-Tree Protocol (STP) and Fast-Uplink 
Problems 


C a u t i o n 
If you enable STP, it is recommended that you leave the remainder of the STP 
parameter settings at their default values until you have had an opportunity 
to evaluate STP performance in your network. Because incorrect STP settings 
can adversely affect network performance, you should avoid making changes 
without having a strong understanding of how STP operates. To learn the 
details of STP operation, refer to the IEEE 802.1D standard. 


Broadcast Storms Appearing in the Network. This can occur when 
there are physical loops (redundant links) in the topology.Where this exists, 
you should enable STP on all bridging devices in the topology in order for the 
loop to be detected. 


STP Blocks a Link in a VLAN Even Though There Are No Redundant 
Links in that VLAN. In 802.1Q-compliant devices such as the switches cov­ 
ered by this guide, STP blocks redundant physical links even if they are in 
separate VLANs. A solution is to use only one, multiple-VLAN (tagged) link 
between the devices. Also, if ports are available, you can improve the band- 
width in this situation by using a port trunk. See “Spanning Tree Operation 
with VLANs” on page 12-30. 
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Fast-Uplink Troubleshooting. Some of the problems that can result from 
incorrect usage of Fast-Uplink STP include temporary loops and generation 
of duplicate packets. 


Problem sources can include: 


■ 
Fast-Uplink is configured on a switch that is the STP root device. 


■	 
Either the Hello Time or the Max Age setting (or both) is too long on one or 
more switches. Return the Hello Time and Max Age settings to their default 
values (2 seconds and 20 seconds, respectively, on a switch). 


■	 
A “downlink” port is connected to a switch that is further away (in hop 
count) from the root device than the switch port on which fast-uplink STP 
is configured. 


■	 
Two edge switches are directly linked to each other with a fast-uplink 
(Mode = Uplink) connection. 


■ 
Fast uplink is configured on both ends of a link. 


■	 
A switch serving as a backup STP root switch has ports configured for 
fast-uplink STP and has become the root device due to a failure in the 
original root device. 


SSH-Related Problems 


Switch access refused to a client. Even though you have placed the cli­ 
ent’s public key in a text file and copied the file (using the copy tftp pub-key- 
file command) into the switch, the switch refuses to allow the client to have 
access. If the source SSH client is an SSHv2 application, the public key may 
be in the PEM format, which the switch (SSHv1) does not interpret. Check the 
SSH client application for a utility that can convert the PEM-formatted key 
into an ASCII-formatted key. 


Executing ip ssh does not enable SSH on the switch. The switch does 
not have a host key. Verify by executing show ip host-public-key. If you see 
the message 


ssh cannot be enabled until a host key is configured 
(use 'crypto' command). 


then you need to generate an SSH key pair for the switch. To do so, execute 
crypto key generate. (Refer to “2. Generating the Switch’s Public and Private 
Key Pair” in the Access Security Guide for your switch.) 
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Switch does not detect a client’s public key that does appear in the 
switch’s public key file (show ip client-public-key). The client’s public key 
entry in the public key file may be preceded by another entry that does not 
terminate with a new line (CR). In this case, the switch interprets the next 
sequential key entry as simply a comment attached to the preceding key entry. 
Where a public key file has more than one entry, ensure that all entries 
terminate with a new line (CR). While this is optional for the last entry in the 
file, not adding a new line to the last entry creates an error potential if you 
either add another key to the file at a later time or change the order of the keys 
in the file. 


An attempt to copy a client public-key file into the switch has failed 
and the switch lists one of the following messages. 


Download failed: overlength key in key file. 


Download failed: too many keys in key file. 


Download failed: one or more keys is not a valid RSA 
public key. 


The public key file you are trying to download has one of the following 
problems: 


■	 
A key in the file is too long. The maximum key length is 1024 characters, 
including spaces. This could also mean that two or more keys are merged 
together instead of being separated by a <CR><LF>. 


■ 
There are more than ten public keys in the key file. 


■ 
One or more keys in the file is corrupted or is not a valid rsa public key. 


Client ceases to respond (“hangs”) during connection phase. The 
switch does not support data compression in an SSH session. Clients will often 
have compression turned on by default, but will disable it during the negotia­ 
tion phase. A client which does not recognize the compression-request FAIL­ 
URE response may fail when attempting to connect. Ensure that compression 
is turned off before attempting a connection to prevent this problem. 


Stacking-Related Problems 


The Stack Commander Cannot Locate any Candidates. Stacking oper­ 
ates on the primary VLAN, which in the default configuration is the 
DEFAULT_VLAN. However, if another VLAN has been configured as the 
primary VLAN, and the Commander is not on the primary VLAN, then the 
Commander will not detect Candidates on the primary VLAN. 
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TACACS-Related Problems 


Event Log. When troubleshooting TACACS+ operation, check the switch’s 
Event Log for indications of problem areas. 


All Users Are Locked Out of Access to the Switch. If the switch is func­ 
tioning properly, but no username/password pairs result in console or Telnet 
access to the switch, the problem may be due to how the TACACS+ server 
and/or the switch are configured. Use one of the following methods to recover: 


■	 
Access the TACACS+ server application and adjust or remove the 
configuration parameters controlling access to the switch. 


■	 
If the above method does not work, try eliminating configuration 
changes in the switch that have not been saved to flash (boot-up 
configuration) by causing the switch to reboot from the boot-up 
configuration (which includes only the configuration changes made 
prior to the last write memory command.) If you did not use write 
memory to save the authentication configuration to flash, then 
pressing the Reset button or cycling the power reboots the switch 
with the boot-up configuration. 


■	 
Disconnect the switch from network access to any TACACS+ servers 
and then log in to the switch using either Telnet or direct console port 
access. Because the switch cannot access a TACACS+ server, it will 
default to local authentication. You can then use the switch’s local 
Operator or Manager username/password pair to log on. 


■	 
As a last resort, use the Clear/Reset button combination to reset the 
switch to its factory default boot-up configuration. Taking this step 
means you will have to reconfigure the switch to return it to operation 
in your network. 


No Communication Between the Switch and the TACACS+ Server 
Application. If the switch can access the server device (that is, it can ping 
the server), then a configuration error may be the problem. Some possibilities 
include: 


■	 
The server IP address configured with the switch’s tacacs-server host 
command may not be correct. (Use the switch’s show tacacs-server 
command to list the TACACS+ server IP address.) 
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■	 
The encryption key configured in the server does not match the 
encryption key configured in the switch (by using the tacacs-server 
key command). Verify the key in the server and compare it to the key 
configured in the switch. (Use show tacacs-server tolist the global key. 
Use show config or show config running to list any server-specific keys.) 


■	 
The accessible TACACS+ servers are not configured to provide 
service to the switch. 


Access Is Denied Even Though the Username/Password Pair Is 
Correct. Some reasons for denial include the following parameters 
controlled by your TACACS+ server application: 


■ 
The account has expired. 


■	 
The access attempt is through a port that is not allowed for the 
account. 


■ 
The time quota for the account has been exhausted. 


■ 
The time credit for the account has expired. 


■	 
The access attempt is outside of the time frame allowed for the 
account. 


■	 
The allowed number of concurrent logins for the account has been 
exceeded 


For more help, refer to the documentation provided with your TACACS+ 
server application. 


Unknown Users Allowed to Login to the Switch. Your TACACS+ appli­ 
cation may be configured to allow access to unknown users by assigning them 
the privileges included in a default user profile. Refer to the documentation 
provided with your TACACS+ server application. 


System Allows Fewer Login Attempts than Specified in the Switch 
Configuration. Your TACACS+ server application may be configured to 
allow fewer login attempts than you have configured in the switch with the 
aaa authentication num-attempts command. 
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TimeP, SNTP, or Gateway Problems 


The Switch Cannot Find the Time Server or the Configured Gateway . 


TimeP, SNTP, and Gateway access are through the primary VLAN, which in 
the default configuration is the DEFAULT_VLAN. If the primary VLAN has 
been moved to another VLAN, it may be disabled or does not have ports 
assigned to it. 


VLAN-Related Problems 


Monitor Port. When using the monitor port in a multiple VLAN environ­ 
ment, the switch handles broadcast, multicast, and unicast traffic output from 
the monitor port as follows: 


■	 
If the monitor port is configured for tagged VLAN operation on the same 
VLAN as the traffic from monitored ports, the traffic output from the 
monitor port carries the same VLAN tag. 


■	 
If the monitor port is configured for untagged VLAN operation on the same 
VLAN as the traffic from the monitored ports, the traffic output from the 
monitor port is untagged. 


■	 
If the monitor port is not a member of the same VLAN as the traffic from 
the monitored ports, traffic from the monitored ports does not go out the 
monitor port. 


None of the devices assigned to one or more VLANs on an 802.1Q- 
compliant switch are being recognized. If multiple VLANs are being used 
on ports connecting 802.1Q-compliant devices, inconsistent VLAN IDs may 
have been assigned to one or more VLANs. For a given VLAN, the same VLAN 
ID must be used on all connected 802.1Q-compliant devices. 


Link Configured for Multiple VLANs Does Not Support Traffic for One 
or More VLANs. One or more VLANs may not be properly configured as 
“Tagged” or “Untagged”. A VLAN assigned to a port connecting two 802.1Q- 
compliant devices must be configured the same on both ports. For example, 
VLAN_1 and VLAN_2 use the same link between switch “X” and switch “Y”. 
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Switch “Y” 
Switch “X” 


Link supporting VLAN_1 
and VLAN_2 


VLAN Port Assignment 


Port VLAN_1 
VLAN_2 


X-3 
Untagged Tagged 


Port X-3 
Port Y- 7 


VLAN Port Assignment 


Port VLAN_1 
VLAN_2 


Y-7 
Untagged Tagged 


Figure C-4. Example of Correct VLAN Port Assignments on a Link 


1. 
If VLAN_1 (VID=1) is configured as “Untagged” on port 3 on switch “X”, 
then it must also be configured as “Untagged” on port 7 on switch “Y”. 
Make sure that the VLAN ID (VID) is the same on both switches. 


2.
 
Similarly, if VLAN_2 (VID=2) is configured as “Tagged on the link port on 
switch “A”, then it must also be configured as “Tagged” on the link port 
on switch “B”. Make sure that the VLAN ID (VID) is the same on both 
switches. 


Duplicate MAC Addresses Across VLANs. The switch operates with mul­ 
tiple forwarding databases. Thus, duplicate MAC addresses occurring on 
different VLANs can appear where a device having one MAC address is a 
member of more than one 802.1Q VLAN, and the switch port to which the 
device is linked is using VLANs (instead of STP or trunking) to establish 
redundant links to another switch. If the other device sends traffic over 
multiple VLANs, its MAC address will consistently appear in multiple VLANs 
on the switch port to which it is linked. 


Note that attempting to create redundant paths through the use of VLANs will 
cause problems with some switches. One symptom is that a duplicate MAC 
address appears in the Port Address Table of one port, and then later appears 
on another port. While the switch has multiple forwarding databases, and thus 
does not have this problem, some switches with a single forwarding database 
for all VLANs may produce the impression that a connected device is moving 
among ports because packets with the same MAC address but different VLANs 
are received on different ports. You can avoid this problem by creating 
redundant paths using port trunks or spanning tree. 
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Server 


HP ProCurve 
Switches Covered 
by this Guide 


(Multiple 
Forwarding 
Database) 


Switch with 
Single 
Forwarding 
Database 


MAC Address “A”; VLAN 1 


MAC Address “A”; VLAN 2 


Problem: This switch detects continual 
moves of MAC address “A” between ports. 


VLAN 1 


VLAN 2 


Figure C-5. Example of Duplicate MAC Address 
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Using Logging To Identify Problem 
Sources 


Event Log Operation 


The Event Log records operating events as single-line entries listed in chrono­ 
logical order, and serves as a tool for isolating problems. Each Event Log entry 
is composed of five fields: 


Severity 
Date 
Time 
System Module 
Event Message 


I 
ports: 
led 
10:52:32 
08/05/01 
port A1 enab 


Figure C-6. Anatomy of an Event Log Message 


Severity is one of the following codes: 


I 
(information) indicates routine events. 


W (warning) indicates that a service has behaved unexpectedly. 


C 
(critical) indicates that a severe switch error has occurred. 


D 
(debug) reserved for HP internal diagnostic information. 


Date is the date in mm/dd/yy format that the entry was placed in the log. 


Time is the time in hh:mm:ss format that the entry was placed in the log. 


System Module is the internal module (such as “ports” for port manager) that 
generated the log entry. If VLANs are configured, then a VLAN name also 
appears for an event that is specific to an individual VLAN. Table C-1 on page 
C-22 lists the individual modules. 


Event Message is a brief description of the operating event. 


The event log holds up to 1000 lines in chronological order, from the oldest to 
the newest. Each line consists of one complete event message. Once the log 
has received 1000 entries, it discards the current oldest line each time a new 
line is received. The event log window contains 14 log entry lines and can be 
positioned to any location in the log. 


The event log will be erased if power to the switch is interrupted. 
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(The event log is not erased by using the Reboot Switch command in the Main 
Menu.) 


Table C-1.Event Log System Modules 


Module 
Event Description 
Module 
Event Description 


addrMgr 
Address table 
mgr 
Console management 


chassis 
switch hardware 
ports 
Change in port status; static trunks 


bootp 
bootp addressing 
snmp 
SNMP communications 


console 
Console interface 
stack 
Stacking 


dhcp 
DHCP addressing 
stp 
Spanning Tree 


download 
file transfer 
sys, system 
Switch management 


FFI 
Find, Fix, and Inform -- available in the 
telnet 
Telnet activity 


console event log and web browser 
interface alert log 


garp 
GARP/GVRP 
tcp 
Transmission control 


igmp 
IP Multicast 
tftp 
File transfer for new OS or config. 


ip 
IP-related 
timep 
Time protocol 


ipx 
Novell Netware 
vlan 
VLAN operations 


lacp 
Dynamic LACP trunks 
Xmodem 
Xmodem file transfer 
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Menu: Entering and Navigating in the Event Log 


From the Main Menu, select Event Log. 


Range of Events in the Log 


Range of Log Events Displayed 


Log Status Line 


Figure C-7. Example of an Event Log Display 


The log status line at the bottom of the display identifies where in the 
sequence of event messages the display is currently positioned. 


To display various portions of the Event Log, either preceding or following the 
currently visible portion, use either the actions listed at the bottom of the 
display (Next page, Prev page, or End), or the keys described in the following 
table: 


Table C-2. 
Event Log Control Keys 


Key 
Action 


[N] 
Advance the display by one page (next page).
 


[P] 
Roll back the display by one page (previous page).
 


[v] 
Advance display by one event (down one line).
 


[^] 
Roll back display by one event (up one line).
 


[E] 
Advance to the end of the log.
 


[H] 
Display Help for the event log.
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CLI: 


Using the CLI, you can list 


■ 
Events recorded since the last boot of the switch 


■ 
All events recorded 


■	 
Event entries containing a specific keyword, either since the last boot or 
all events recorded 


Syntax: 
show logging [-a] [<search-text>] 


HPswitch> show logging
 


Lists recorded log messages since last reboot. 


HPswitch> show logging -a
 


Lists all recorded log messages, including those before the 
last reboot. 


HPswitch> show logging -a system
 


Lists log messages with “system” in the text or module 
name. 


HPswitch> show logging system
 


Lists all log messages since the last reboot that have 
“system” in the text or module name. 
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Debug and Syslog Operation 


You can direct switch debug (Event log) messages to these destinations: 


■ 
Up to six SyslogD servers 


■ 
One management-access session through: 


• 
A direct-connect console CLI session 


• 
A Telnet session 


• 
An SSH session 


Figure C-8. Example of Debug Output to a Console CLI Session 


Debug logging requires a logging destination (SyslogD server and/or a session 
type), and involves the logging and debug destination commands. Actions you 
can perform with Debug and Syslog operation include: 


■	 
Configure the switch to send Event Log messages to one or more SyslogD 
servers. Included is the option to send the messages to the user log facility 
(default) on the configured servers, or to another log facility. 


Not e	 
As of May, 2003, the logging facility < facility-name > option (described on the 
next page) is available only on the Series 2600 switches and the Switch 6108 
running software release H.07.30 or greater. For the latest feature information 
on HP ProCurve switches, visit the HP ProCurve website and check the latest 
release notes covering the switch products in which you have an interest. 


■	 
Configure the switch to send Event Log messages to the current manage­ 
ment-access session (serial-connect CLI, Telnet CLI, or SSH). 


■	 
Disable all Syslog debug logging while retaining the Syslog addresses from 
the switch configuration. This allows you to configure Syslog messaging 
and then disable and re-enable it as needed. 


■	 
Display the current debug configuration. If Syslog logging is currently 
active, this includes the Syslog server list. 


■	 
Display the current Syslog server list when Syslog logging is currently 
disabled. 
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Configuring the Switch To Send Debug Messages to One or More 
SyslogD Servers. Use the logging command to configure the switch to send 
Syslog messages to a SyslogD server, or to remove a SyslogD server from the 
switch configuration. 


Syntax: 
[no] logging < syslog-ip-address | facility < facility-name >> 


< syslog-ip-address > 


If there are no SyslogD servers configured, logging 
enters a SyslogD server IP address and automatically 
enables Syslog logging to the server. If at least one 
SyslogD server is already configured and Syslog logging 
has been disabled, you can still use logging < syslog-ip- 
addr > to add another SyslogD server, but Syslog logging 
remains disabled until you re-enable it with the debug 
destination logging command. While Syslog logging is 
enabled, the switch attempts to send Syslog messages to 
all configured SyslogD server addresses, and operates 
regardless of whether session logging is also enabled. 
(Default: none; Range: 1 - 6 IP addresses) 


facility < facility-name > 


The logging facility specifies the destination subsystem 
the SyslogD server(s) must use. (All configured SyslogD 
servers must use the same subsystem.) HP recommends 
the default (user) subsystem unless your application 
specifically requires another subsystem. Options 
include: 


user (the default) - Random user-level messages 
kern - Kernel messages 
mail - Mail system 
daemon - system daemons 
auth - security/authorization messages 
syslog - messages generated internally by Syslog 
lpr - line printer subsystem 
news - netnews subsystem 
uucp - uucp subsystem 
cron - cron/at subsystem 
sys9 - cron/at subsystem 
sys10 through sys14 - Reserved for system use 
local0 through local7 - Reserved for system use 


(For applicable switches, refer to the Note on page 
C-25.) 
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For example, on a switch where there are no SyslogD servers configured, you 
would do the following to configure SyslogD servers 18.120.38.155 and 
18.120.43.125 and automatically enable Syslog logging (with user as the default 
logging facility): 


logging < syslog-ip-addr > 
configures the Syslog 
server(s) to use and 
enables Syslog debug 
logging. (In this case, 
Syslog is automatically 
enabled because debug 
destination logging has 
not been previously 
disabled with other Syslog 
servers already 
configured in the switch. 
(Refer to the Syntax box 
under “Configuring the 
Switch To Send Debug 
Messages to One or More 
SyslogD Servers” on page 
C-26.) 


The configured Syslog server 
IP addresses appear in the 
switch’s configuration file. 


This command shows that 
Syslog logging is enabled for 
the listed IP addresses. 


Default Logging Facility 


Figure C-9. Example of Configuring and Enabling Syslog Logging 


To use a non-default logging facility, such as lpr, in the same operation as in 
figure C-9, you would use this command set: 


HPswitch(config)# logging 18.120.38.155
 
HPswitch(config)# logging 18.120.43.125
 
HPswitch(config)# logging facility lpr
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Enabling or Disabling Logging to Management Sessions and SyslogD 
Servers. Use this command when you want to do any of the following: 


■	 
Disable Syslog logging on all currently configured SyslogD servers with- 
out removing the servers from the switch configuration. 


■	 
Re-enable Syslog logging if it is disabled and there is at least one SyslogD 
server currently configured in the switch. 


■	 
Enable or disable logging output to the current management-access ses­ 
sion. 


Syntax: 
[no] debug destination < logging | session > 


logging 


The no form of the command disables Syslog logging, 
but retains the currently configured SyslogD server 
addresses in the switch configuration.When Syslog log­ 
ging is currently disabled with one or more SyslogD 
servers configured, this command enables Syslog log­ 
ging on the switch. The show config command output 
includes the SyslogD server IP addresses currently con- 
figured in the startup-config file. 


session 


Enables and disables debug logging to the current ses­ 
sion. The “current session” is the session that most 
recently executed debug destination session on the switch 
(since the last reboot). This makes it easy to move 
session logging from one session to another. 


For example, figure C-10 shows the process for checking the current Syslog 
status and then disabling Syslog logging. 
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Shows that Syslog (Destination) logging is 
enabled and transmitting log messages to IP 
address 18.120.38.155. Also shows that the 
logging facility is set to user (the default), and 
that session logging is enabled.) 


Disables Syslog logging (but retains the 
Syslog IP address in the switch 
configuration). Does not affect Session 
logging. 


Shows Syslog (Destination) logging now 
disabled. Session logging continues to 
operate. 


Figure C-10. Example of Disabling Syslog Operation 


Viewing Debug (Syslog and Session) Status. Use these commands to 
determine the current debug configuration and status: 


Syntax: 
show < config | running > 


Lists the current startup-config or running-config file, with 
any currently configured IP addresses for SyslogD servers. 


The configured Syslog server IP 
addresses appear in the switch’s 
configuration file, even if Syslog 
logging is disabled. 


Figure C-11. Example of Show Config Output with SyslogD Servers Configured 
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Syntax: 
show debug 


List the current debug status for both Syslog logging and 
Session logging. 


Shows that Syslog logging is enabled 
and sending event messages to the user 
facility on the SyslogD server at IP 
address 18.120.38.155. 


Shows that session logging is operating 
through another session. (You can take 
control of session logging by executing 
debug destination session in the 
session you are currently using.) 


Figure C-12. Example of Show Debug Status 


■	 
Rebooting the Switch or pressing the Reset button resets the 
Debug Configuration. 


Debug Option 
Effect of a Reboot or Reset 


logging (destination)	 If any SyslogD server IP addresses are in the startup-config file, 
they are saved across a reboot and the logging destination 
option remains enabled. Otherwise, the logging destination is 
disabled. 


Session (destination) Disabled. 


All (event type) 
Disabled. 


Event (event type) 
If a Syslog server is configured in the startup-config file, resets 
to enabled, regardless of prior setting. Disabled if no Syslog 
server is configured. 


■	 
Debug commands do not affect message output to the Event Log. 
As a separate option, invoking debug with the event option causes the 
switch to send Event Log messages to whatever debug destination(s) you 
configure (session and/or logging), as well as to the Event Log. 


■	 
Ensure that your Syslog server(s) will accept Debug messages. All 
Syslog messages the switch generates carry the configured facility. All 
Syslog messages resulting from debug operation carry a “debug” severity. 
If you configure the switch to transmit debug messages to a SyslogD 
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server, ensure that the server’s Syslog application is configured to accept 
the “debug” severity level. (The default configuration for some Syslog 
applications ignores the “debug” severity level.) 


■	 
A reboot temporarily suspends Syslog logging. After a reboot, the 
switch suspends configured Syslog logging for 30 seconds. 


Diagnostic Tools 


Diagnostic Features 


Feature 
Default 
Menu 
CLI 
Web 


Port Autonegotiation 
n/a 
n/a 
n/a 
n/a 


Ping Test 
n/a 
— 
page C-34 
page C-33 


Link Test 
n/a 
— 
page C-34 
page C-33 


Display Config File 
n/a 
— 
page C-36 
page C-36 


Admin. and Troubleshooting 
n/a 
— 
page C-39 
— 


Commands 


Factory-Default Config	 
page C-40 
(Buttons) 


— 
page C-40 
— 


Port Status 
n/a 
pages B-8 
and B-9 


pages B-8 
and B-9 


pages B-8 
and B-9 


Port Auto-Negotiation 


When a link LED does not light (indicating loss of link between two devices), 
the most common reason is a failure of port auto-negotiation between the 
connecting ports. If a link LED fails to light when you connect the switch to a 
port on another device, do the following: 


1.
 
Ensure that the switch port and the port on the attached end-node are 
both set to Auto mode. 


2.
 
If the attached end-node does not have an Auto mode setting, then you 
must manually configure the switch port to the same setting as the end- 
node port. See Chapter 10, “Optimizing Traffic Flow with Port Controls, 
Port Trunking, and Port-Based Priority”. 
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Ping and Link Tests 


The Ping test and the Link test are point-to-point tests between your switch 
and another IEEE 802.3-compliant device on your network. These tests can 
tell you whether the switch is communicating properly with another device. 


Not e	 
To respond to a Ping test or a Link test, the device you are trying to reach must 
be IEEE 802.3-compliant. 


Ping Test. This is a test of the path between the switch and another device 
on the same or another IP network that can respond to IP packets (ICMP Echo 
Requests). 


Link Test. This is a test of the connection between the switch and a desig­ 
nated network device on the same LAN (or VLAN, if configured). During the 
link test, IEEE 802.2 test packets are sent to the designated network device 
in the same VLAN or broadcast domain. The remote device must be able to 
respond with an 802.2 Test Response Packet. 
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Web: Executing Ping or Link Tests 


1. Click here. 


4. For a Ping test, enter 
the IP address of the 
target device. For a 
Link test, enter the 
MAC address of the 
target device. 


3. Select Ping Test (the 
default) or Link Test 


5. Select the number of tries (packets) and the timeout 
for each try from the drop-down menus. 


6. Click on Start to begin the test. 


2. Click here. 


Figure C-13.Link and Ping Test Screen on the Web Browser Interface 


Successes indicates the number of Ping or Link packets that successfully 
completed the most recent test. 


Failures indicates the number of Ping or Link packets that were unsuccessful 
in the last test. Failures indicate connectivity or network performance prob­ 
lems (such as overloaded links or devices). 


Destination IP/MAC Address is the network address of the target, or destination, 
device to which you want to test a connection with the switch. An IP address 
is in the X.X.X.X format where X is a decimal number between 0 and 255. A 
MAC address is made up of 12 hexadecimal digits, for example, 0060b0-080400. 


Number of Packets to Send is the number of times you want the switch to 
attempt to test a connection. 
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Timeout in Seconds is the number of seconds to allow per attempt to test a 
connection before determining that the current attempt has failed. 


To halt a Link or Ping test before it concludes, click on the Stop button. 
To reset the screen to its default settings, click on the Defaults button. 


CLI: Ping or Link Tests 


Ping Tests. You can issue single or multiple ping tests with varying repeti­ 
tions and timeout periods. The defaults and ranges are: 


■ 
Repetitions: 1 (1 - 999) 


■ 
Timeout: 5 seconds (1 - 256 seconds) 


Syntax: 
ping < ip-address > [repetitions < 1 - 999 >] [timeout < 1 - 256 >] 


Ping with 
Repetitions 
and Timeout 


Basic Ping 
Operation 


Ping Failure 


Ping with 
Repetitions 


Figure C-14. Examples of Ping Tests 


To halt a ping test before it concludes, press [Ctrl] [C]. 
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Link Tests. You can issue single or multiple link tests with varying repeti­ 
tions and timeout periods. The defaults are: 


■ 
Repetitions: 1 (1 - 999) 


■ 
Timeout: 5 seconds (1 - 256 seconds) 


Syntax: 
link < mac-address > [repetitions < 1 - 999 >] [timeout < 1 - 256 >] 
[vlan < vlan-id >] 


Basic Link Test 


Link Test with 
Repetitions 


Link Test with 
Repetitions and 
Timeout 


Link Test Over a 
Specific VLAN 


Link Test Over a 
Specific VLAN; 
Test Fail 


Figure C-15. Example of Link Tests 
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Displaying the Configuration File 


The complete switch configuration is contained in a file that you can browse 
from either the web browser interface or the CLI. It may be useful in some 
troubleshooting scenarios to view the switch configuration. 


CLI: Viewing the Configuration File 


Using the CLI, you can display either the running configuration or the startup 
configuration. (For more on these topics, see appendix C, “Switch Memory 
and Configuration”.) 


Syntax: 
write terminal 
Displays the running-config file. 


show running-config 


Displays the running-config file. 


show config 


Displays the startup-config file. 


Web: Viewing the Configuration File 


To display the running configuration, through the web browser interface: 


1. 
Click on the Diagnostics tab. 


2. 
Click on Configuration Report 


3. 
Use the right-side scroll bar to scroll through the configuration listing. 
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Listing Switch Configuration and Operation Details for Help 
in Troubleshooting 


Release G.04.05 and greater includes the show tech command. This command 
outputs, in a single listing, switch operating and running configuration details 
from several internal switch sources, including: 


■ 
Image stamp (software version data) 


■ 
Running configuration 


■ 
Event Log listing 


■ 
Boot History 


■ 
Port settings 


■ 
Status and counters — port status 


■ 
IP routes 


■ 
Status and counters — VLAN information 


■ 
GVRP support 


■ 
Load balancing (trunk and LACP) 


■ 
Stacking status — this switch 


■ 
Stacking status — all 


Syntax: 
show tech 


Executing show tech outputs a data listing to your terminal emulator. However, 
using your terminal emulator’s text capture features, you can also save show 
tech data to a text file for viewing, printing, or sending to an associate. For 
example, if your terminal emulator is the Hyperterminal application available 
with Microsoft® Windows® software, you can copy the show tech output to 
a file and then use either Microsoft Word or Notepad to display the data. (In 
this case, Microsoft Word provides the data in an easier-to-read format.) 


To Copy show tech output to a Text File. This example uses the 
Microsoft Windows terminal emulator. To use another terminal emulator 
application, refer to the documentation provided with that application. 


C-37 


Troubleshooting 
Diagnostic Tools 


1. 
In Hyperterminal, click on Transfer | Capture Text... 


Figure C-16. The Capture Text window of the Hypertext Application Used with 
Microsoft Windows Software 


2.
 
In the File field, enter the path and file name under which you want to store 
the show tech output. 


Figure C-17. Example of a Path and Filename for Creating a Text File from show 
tech Output 


3. 
Click [Start] to create and open the text file. 


4. 
Execute show tech: 


HPswitch# show tech
 


a.
 
Each time the resulting listing halts and displays -- MORE --, press 
the Space bar to resume the listing. 


b. When the CLI prompt appears, the show tech listing is complete. At 
this point, click on Transfer | Capture Text | Stop in HyperTerminal to stop 
copying data into the text file created in the preceding steps. 


Not e	 
Remember to do the above step to stop HyperTerminal from copying into the 
text file. Otherwise, the text file remains open to receiving additional data 
from the HyperTerminal screen. 


5.
 
To access the file, open it in Microsoft Word, Notepad, or a similar text 
editor. 
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CLI Administrative and Troubleshooting Commands 


These commands provide information or perform actions that you may find 
helpful in troubleshooting operating problems with the switch. 


Not e	 
For more on the CLI, refer to “Using the Command Line Interface (CLI)” on 
page 4-1. 


Syntax: 
show version 
Shows the software version currently running on the 


switch, 
and the flash image from which the switch booted (primary 
or secondary). 


show boot-history 


Displays the switch shutdown history. 


show history 


Displays the current command history. 


[no] page 


Toggles the paging mode for display commands between 
continuous listing and per-page listing. 


setup 


Displays the Switch Setup screen from the menu interface. 


repeat 


Repeatedly executes the previous command until a key is 
pressed. 


kill 


Terminates all other active sessions. 
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Restoring the Factory-Default 
Configuration 


As part of your troubleshooting process, it may become necessary to return 
the switch configuration to the factory default settings. This process momen­ 
tarily interrupts the switch operation, clears any passwords, clears the console 
event log, resets the network counters to zero, performs a complete self test, 
and reboots the switch into its factory default configuration including deleting 
an IP address. There are two methods for resetting to the factory-default 
configuration: 


■ 
CLI 


■ 
Clear/Reset button combination 


Not e	 
HP recommends that you save your configuration to a TFTP server before 
resetting the switch to its factory-default configuration. You can also save your 
configuration via Xmodem, to a directly connected PC. 


Using the CLI 


This command operates at any level except the Operator level. 


Syntax: 
erase startup-configuration 
Deletes the startup-config file in flash so that the switch will 
reboot with its factory-default configuration. 


Not e 
The erase startup-config command does not clear passwords. 


Using the Clear/Reset Buttons 


To execute the factory default reset, perform these steps: 


1.
 
Using pointed objects, simultaneously press both the Reset and Clear 
buttons on the front of the switch. 


2. 
Continue to press the Clear button while releasing the Reset button. 


3. 
When the Self Test LED begins to flash, release the Clear button. 


The switch will then complete its self test and begin operating with the 
configuration restored to the factory default settings. 
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Restoring a Flash Image 


The switch can lose its operating system if either the primary or secondary 
flash image location is empty or contains a corrupted OS file and an operator 
uses the erase flash command to erase a good OS image file from the opposite 
flash location. 


To Recover from an Empty or Corrupted Flash State. Use the switch’s 
console serial port to connect to a workstation or laptop computer that has 
the following: 


■	 
A terminal emulator program with Xmodem capability, such as the Hyper- 
Terminal program included in Windows PC software. 


■ 
A copy of a good OS image file for the switch. 


Not e	 
The following procedure requires the use of Xmodem, and copies an OS image 
into primary flash only. 


This procedure assumes you are using HyperTerminal as your terminal emu­ 
lator. If you use a different terminal emulator, you may need to adapt this 
procedure to the operation of your particular emulator. 


1. 
Start the terminal emulator program. 


2. 
Ensure that the terminal program is configured as follows: 


■ 
Baud rate: 9600 


■ 
No parity 


■ 
8 Bits 


■ 
1 stop bit 


■ 
No flow control 


3.
 
Use the Reset button to reset the switch. The following prompt should 
then appear in the terminal emulator: 


Enter h or ? for help.
 


=>
 


C-41 


Troubleshooting 
Restoring a Flash Image 


4.
 
Since the OS file is large, you can increase the speed of the download by 
changing the switch console and terminal emulator baud rates to a high	 
speed. For example:	 


a. 
Change the switch baud rate to 115,200 Bps.	 


=> sp 115200
 


b. Change the terminal emulator baud rate to match the switch speed:	 


i. 
In HyperTerminal, select Call | Disconnect.	 


ii. Select File | Properties.	 
iii. Click on Configure . . ..	 
iv. Change the baud rate to 115200.	 
v. 
Click on [OK]. In the next window, click on [OK] again.	 


vi. Select Call | Connect­ 
vii. Press [Enter] one or more times to display the => prompt.	 


5. 
Start the Console Download utility by typing do at the => prompt and	 
pressing [Enter]:	 


=> do
 


6. 
You will then see this prompt:	 


7. 
At the above prompt:	 


a. 
Type y (for Yes)	 


b. Select Transfer | File in HyperTerminal.	 


c. 
Enter the appropriate filename and path for the OS image.	 


d. Select the Xmodem protocol (and not the 1k Xmodem protocol).	 


e. 
Click on [Send].	 


If you are using HyperTerminal, you will see a screen similar to the 
following to indicate that the download is in progress: 
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Figure C-18. Example of Xmodem Download in Progress 


8.
 
When the download completes, the switch reboots from primary flash 
using the OS image you downloaded in the preceding steps, plus the most 
recent startup-config file. 
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Overview 


The switch assigns MAC addresses in these areas: 


■	 
For management functions: 


• 
One Base MAC address assigned to the default VLAN (VID = 1) 


•
 
Additional MAC address(es) corresponding to additional VLANs you 
configure in the switch 


■	 
For internal switch operations: One MAC address per port (See "CLI: 
Viewing the Port and VLAN MAC Addresses" on page D-4.) 


MAC addresses are assigned at the factory. The switch automatically 
implements these addresses for VLANs and ports as they are added to the 
switch. 


Not e	 
The switch’s base MAC address is also printed on a label affixed to the back 
of the switch. 
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Determining MAC Addresses 


MAC Address Viewing Methods 


Feature 
Default 
Menu 
CLI 
Web 


view switch’s base (default vlan) MAC address 
and the addressing for any added VLANs 


n/a 
D-3 
D-4 
— 


view port MAC addresses (hexadecimal format) 
n/a 
— 
D-4 
— 


■	 
Use the menu interface to view the switch’s base MAC address and the 
MAC address assigned to any non-default VLAN you have configured on 
the switch. 


Not e	 
The switch’s base MAC address is used for the default VLAN (VID = 1) that is 
always available on the switch. 


■	 
Use the CLI to view the switch’s port MAC addresses in hexadecimal 
format. 
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Menu: Viewing the Switch’s MAC Addresses 


The Management Address Information screen lists the MAC addresses for: 


■ 
Base switch (default VLAN; VID = 1) 


■ 
Any additional VLANs configured on the switch. 


Also, the Base MAC address appears on a label on the back of the switch. 


Not e	 
The Base MAC address is used by the first (default) VLAN in the switch. This 
is usually the VLAN named “DEFAULT_VLAN” unless the name has been 
changed (by using the VLAN Names screen). On the switches covered by this 
guide, the VID (VLAN identification number) for the default VLAN is always 
"1", and cannot be changed. 


To View the MAC Address (and IP Address) assignments for VLANs 
Configured on the Switch: 


1. 
From the Main Menu, Select 


1. Status and Counters 


2. Switch Management Address Information 


If the switch has only the default VLAN, the following screen appears. If 
the switch has multiple static VLANs, each is listed with its address data. 


Switch Base (or Default 
VLAN) MAC address 


Current IP Address 
Assigned to the Switch 


Figure D-1. Example of the Management Address Information Screen 
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CLI: Viewing the Port and VLAN MAC Addresses 


The MAC address assigned to each switch port is used internally by such 
features as Flow Control and the Spanning Tree Protocol. Using the walkmib 
command to determine the MAC address assignments for individual ports can 
sometimes be useful when diagnosing switch operation. 


The switch allots 24 MAC addresses per slot. For a given slot, if a three-port 
module is installed, then the switch uses the first three MAC addresses in the 
allotment for slot 1, and the remaining 21 MAC addresses are unused. If a six- 
port module is installed, the switch uses the first six MAC addresses in the 
allotment, and so-on. The switch’s base MAC address is assigned to VLAN 
(VID) 1 and appears in the walkmib listing after the MAC addresses for the 
ports. If multiple VLANs are configured, the MAC addresses assigned to these 
VLANs appear after the base MAC address. 


To display the switch’s MAC addresses, use the walkmib command at the 
command prompt: 


Not e	 
This procedure displays the MAC addresses for all ports and existing VLANs 
in the switch, regardless of which VLAN you select. 


1.
 
If the switch is at the CLI Operator level, use the enable command to enter 
the Manager level of the CLI. 


2. 
Type the following command to display the MAC address for each port on 
the switch: 


HPswitch# walkmib ifPhysAddress 


(The above command is not case-sensitive.) 


For example, with a six-port module in slot 1, a three-port module in slot 3, 
and three VLANs present: 
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ifPhysAddress.226 
& 237 
MAC Addresses for 
non-default VLANs. 


ifPhysAddress.1 - 6: 
Ports A1 - A6 in Slot 1 


(Addresses 7 - 24 in slot 1 and 25 - 48 in slot 2 are 
unused.) 


ifPhysAddress.49 - 51: 
Ports C1 - C3 in Slot 3 


(Addresses 52 - 72 in slot 3 are unused.) 


ifPhysAddress.205 
Base MAC Address (MAC 
Address for default VLAN; 
VID = 1) 


Figure D-2. Example of Port MAC Address Assignments 
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Daylight Savings Time on HP ProCurve 
Switches 


This information applies to the following HP ProCurve switches: 


• 2512 
• 2524 
• 2626 
• 2650 
• 4108GL 
• 4104GL 
• 6108 


• 5304XL 
• 5308XL 
• 1600M 
• 2400M 
• 2424M 
• 4000M 
• 8000M 


• 212M 
• 224M 


•
 HP AdvanceStack 
Switches 


•
 HP AdvanceStack 
Routers 


HP ProCurve switches provide a way to automatically adjust the system clock 
for Daylight Savings Time (DST) changes. To use this feature you define the 
month and date to begin and to end the change from standard time. In addition 
to the value "none" (no time changes), there are five pre-defined settings, 
named: 


■ 
Alaska 


■ 
Canada and Continental US 


■ 
Middle Europe and Portugal 


■ 
Southern Hemisphere 


■ 
Western Europe 


The pre-defined settings follow these rules: 


Alaska: 


• 
Begin DST at 2am the first Sunday on or after April 24th. 


• 
End DST at 2am the first Sunday on or after October 25th. 


Canada and Continental US: 


• 
Begin DST at 2am the first Sunday on or after April 1st. 


• 
End DST at 2am the first Sunday on or after October 25th. 
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Middle Europe and Portugal: 


• 
Begin DST at 2am the first Sunday on or after March 25th. 


• 
End DST at 2am the first Sunday on or after September 24th. 


Southern Hemisphere: 


• 
Begin DST at 2am the first Sunday on or after October 25th. 


• 
End DST at 2am the first Sunday on or after March 1st. 


Western Europe: 


• 
Begin DST at 2am the first Sunday on or after March 23rd. 


• 
End DST at 2am the first Sunday on or after October 23rd. 


A sixth option named "User defined" allows you to customize the DST config­ 
uration by entering the beginning month and date plus the ending month and 
date for the time change. The menu interface screen looks like this (all month/ 
date entries are at their default values): 


Select User-defined and press [v] to 
display the remaining parameters. 


Figure E-1. Menu Interface with "User-Defined" Daylight Time Rule Option 
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Before configuring a "User defined" Daylight Time Rule, it is important to 
understand how the switch treats the entries. The switch knows which dates 
are Sundays, and uses an algorithm to determine on which date to change the 
system clock, given the configured "Beginning day" and "Ending day": 


■ 
If the configured day is a Sunday, the time changes at 2am on that day. 


■	 
If the configured day is not a Sunday, the time changes at 2am on the first 
Sunday after the configured day. 


This is true for both the "Beginning day" and the "Ending day". 


With that algorithm, one should use the value "1" to represent "first Sunday of 
the month", and a value equal to "number of days in the month minus 6" to 
represent "last Sunday of the month". This allows a single configuration for 
every year, no matter what date is the appropriate Sunday to change the clock. 
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